shadow-rs does not report error with git "dubious ownership" fatal error

[taoky]

Since CVE-2022-24765, new git version adds an ownership check functionality, and if git owner != current uid, git command would report such error:

# git status
fatal: detected dubious ownership in repository at '/example'
To add an exception for this directory, call:

	git config --global --add safe.directory /example

However, shadow-rs would silently ignore the error, and returns empty values for git-related consts.

Reproduce:

1. Initialize an empty project, with a non-root user and files in "Setup" in shadow-rs README (shadow-rs 0.32.0)

2. Add println!("{}", build::CLAP_LONG_VERSION); in main()

3. git init and git commit -a

4. Build with same non-root user:

   0.1.0
   branch:master
   commit_hash:d423f07a
   build_time:2024-08-21 17:02:35 +08:00
   build_env:rustc 1.80.1 (3f5fd8dd4 2024-08-06),stable-x86_64-unknown-linux-gnu
   

5. Use su to change user to root (Don't use sudo as git would try check this with SUDO_USER env). git status in root would report this fatal error.

6. cargo clean and build with root:

   0.1.0
   branch:
   commit_hash:
   build_time:2024-08-21 17:05:18 +08:00
   build_env:rustc 1.80.1 (3f5fd8dd4 2024-08-06),stable-x86_64-unknown-linux-gnu
   

This could make it hard to debug when building Rust projects with Docker (by default it uses root inside container), especially in CI environment (to be frankly this spent me an afternoon to find the bug).

[baoyachi]

@taoky Has the git2 feature in shadow-rs been enabled?

[taoky]

@taoky Has the git2 feature in shadow-rs been enabled?

This bug is also reproducible with git2 on:

[dependencies]
shadow-rs = { version = "0.32.0", features = ["git2"] }

[build-dependencies]
shadow-rs = { version = "0.32.0", features = ["git2"] }

[baoyachi]

@taoky Please provide git version,like this:

➜  ~ git -v
git version 2.40.1
➜  ~

[taoky]

I'm testing with git in Debian 12:

$ git --version
git version 2.39.2

libgit2 is libgit2-1.5 (1.5.1+ds-1+deb12u1).

[baoyachi]

Thx @taoky .It's bug.

In shadow-rs ,current only capture Out stdout. but stderr not processed, we also need optimize it and needs to be exposed.

With the Command Output struct:

#[derive(PartialEq, Eq, Clone)]
#[stable(feature = "process", since = "1.0.0")]
pub struct Output {
    /// The status (exit code) of the process.
    #[stable(feature = "process", since = "1.0.0")]
    pub status: ExitStatus,
    /// The data that the process wrote to stdout.
    #[stable(feature = "process", since = "1.0.0")]
    pub stdout: Vec<u8>,
    /// The data that the process wrote to stderr.
    #[stable(feature = "process", since = "1.0.0")]
    pub stderr: Vec<u8>,
}

In shadow-rs source code with git comannd exec:

fn exec(&self, args: &[&str]) -> Option<String> {
        Command::new("git")
            .current_dir(self.path)
            .args(args)
            .output()
            .map(|x| {
+                String::from_utf8(x.stdout) //Missing handling of the x.stderr 
                    .map(|x| x.trim().to_string())
                    .ok()
            })
            .unwrap_or(None)
    }