Skip to content

Bind Git worktree helpers to a trusted executable#30833

Open
bookholt-oai wants to merge 7 commits into
bookholt/deny-transport-for-local-gitfrom
codex/psec-4394-trusted-git-runner
Open

Bind Git worktree helpers to a trusted executable#30833
bookholt-oai wants to merge 7 commits into
bookholt/deny-transport-for-local-gitfrom
codex/psec-4394-trusted-git-runner

Conversation

@bookholt-oai

@bookholt-oai bookholt-oai commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Why

Codex's internal worktree helpers used whichever git executable appeared first in PATH at each call site. A repository-controlled executable or linked worktree could therefore run before the helper reached its normal safety checks.

What

Choose one absolute native Git executable outside the active repository, any enclosing repository, its linked worktrees, and its shared Git metadata. Pin that executable and reuse it for patch and repository operations.

How

Immediately before each child starts, remove inherited settings that could redirect the repository, index, path matching, executable lookup, or Git configuration. Reapply the existing local-only transport policy at the same boundary.

On Windows, reject PATH entries whose spelling, aliases, namespaces, or junctions could hide traversal through repository-controlled locations.

This PR is stacked on #29470 and should land after it.

Testing

  • 42 codex-git-utils tests passed.
  • 9 focused trusted-executable tests passed.
  • Coverage includes nested repositories, submodules, linked worktrees, shared Git directories, symlinks, junctions, PATH traversal, PWD variants, and Windows path aliases.
  • Formatting and diff checks passed.
  • 31/31 non-Codeownerous CI checks are green at 63f6aa5da5, including native Windows.

Related: PSEC-4394

@bookholt-oai bookholt-oai marked this pull request as ready for review July 1, 2026 15:04

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2ca4f55c0d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/git-utils/src/operations.rs Outdated
}

#[cfg(test)]
mod tests {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3 Badge Move the new operations tests to a sibling file

When adding this new test module, the repo guidance requires putting the test contents in a separate sibling file with a descriptive #[path = "..._tests.rs"] declaration rather than defining the module inline. Keeping these new tests in operations.rs makes this file inconsistent with the adjacent git_command_tests.rs/git_config_tests.rs organization and harder to navigate.

AGENTS.md reference: AGENTS.md:L167-L178

Useful? React with 👍 / 👎.

Comment on lines +52 to +53
if path_is_untrusted(&candidate, untrusted) {
continue;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3 Badge Normalize lexical PATH candidates before rejecting them

When a trusted Git binary is outside the repo but the PATH entry is spelled through the repo with .. (for example /work/repo/../tools/bin), this pre-canonical path_is_untrusted check treats the candidate as being inside /work/repo and skips it before the later canonical checks can prove it is outside. In environments where that is the only usable Git on PATH, all of these helpers now fail with NoTrustedGit even though a trusted executable is available.

Useful? React with 👍 / 👎.

Comment thread codex-rs/git-utils/src/git_command.rs Outdated
Comment on lines +108 to +111
locations
.common_dir
.as_deref()
.is_some_and(|common_dir| path_is_in_worktree_for_common_dir(path, common_dir))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject Git binaries from enclosing repositories

When Codex is run inside a submodule or nested repo and PATH contains an absolute bin directory from the enclosing checkout, the candidate is outside roots and path_is_in_worktree_for_common_dir returns false because the parent repo has a different common dir. That lets a parent-repository-controlled git be selected, leaving the PATH hijack this resolver is meant to prevent open for that common setup.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant