refs: reject ref updates while GIT_QUARANTINE_PATH is set As documented in git-receive-pack(1), updating a ref from within the pre-receive hook is dangerous and can corrupt your repo. This patch forbids ref updates entirely during the hook to make it harder for adventurous hook writers to shoot themselves in the foot. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: d8f4481c4f03132174b514f428cd67d2cc0dc997 [log] [tgz]
author: Jeff King <peff@peff.net> Mon Apr 10 18:14:12 2017 -0400
committer: Junio C Hamano <gitster@pobox.com> Sun Apr 16 18:19:18 2017 -0700
tree: 70b6f8f9291109936af14988d23ebed5ced643bd
parent: eaeed077a69ad1e26b0c329ac0f6cbd397f5be9e [diff] [blame]
diff --git a/refs.c b/refs.c
index 5ffdd77..916b0d5 100644
--- a/refs.c
+++ b/refs.c

@@ -1465,6 +1465,12 @@ int ref_transaction_commit(struct ref_transaction *transaction,
 {
 	struct ref_store *refs = get_ref_store(NULL);
 
+	if (getenv(GIT_QUARANTINE_ENVIRONMENT)) {
+		strbuf_addstr(err,
+			      _("ref updates forbidden inside quarantine environment"));
+		return -1;
+	}
+
 	return refs->be->transaction_commit(refs, transaction, err);
 }
commit	d8f4481c4f03132174b514f428cd67d2cc0dc997	[log] [tgz]
author	Jeff King <peff@peff.net>	Mon Apr 10 18:14:12 2017 -0400
committer	Junio C Hamano <gitster@pobox.com>	Sun Apr 16 18:19:18 2017 -0700
tree	70b6f8f9291109936af14988d23ebed5ced643bd
parent	eaeed077a69ad1e26b0c329ac0f6cbd397f5be9e [diff] [blame]