0

GitLab version - 9.3.6

Recently I added a pre-receive hook to block the pushing of binary files. I get the expected output on my GitLab testing server machine (image below).

Testing Server side displaying message

I added the same hook file on the live server machine. But I got another extra line (below) in displaying the message.

Live server side displaying message

Actually, my hook is working properly. But there is an extra line displayed in the message. I am sure there is no extra print statement in my hook file.

My commit message is

remote: hooks/pre-receive:3: warning: Insecure world writable dir /opt/gitlab/embedded/libexec in PATH, mode 040777        

remote: Hello there! We have restricted the binary files (.exe, .dll, .zip, .7z, .deb, .cab, .gz, .pkg, .iso) that are pushed into GitLab.        
remote: Your changes contain following file(s) from origin commit c7a151fb to a4e7c31c. Kindly remove the following file(s) and try again.        
remote:     NewTest.dll        

How can I remove the line hooks/pre-receive:3: warning: Insecure world writable dir /opt/gitlab/embedded/libexec in PATH, mode 040777 from that message line?

Arunkumar

2 Answers

3

The warning indicates that /opt/gitlab/embedded/libexec is world writable. This is a security issue because it is part of the PATH environment the hook apparently runs with. This means that anyone with access to the server can put executable files into that directory, possibly shadowing legitimate commands with malicious ones. If these commands are then used from within a hook, anyone can gain the privileges of the user running the hook.

To fix this, you should make the indicated libexec directory non world writable:

chmod o-w /opt/gitlab/embedded/libexec
mmlr
0

I got rid of this issue by using sudo chmod go-w /opt/gitlab, sudo chmod go-w /opt/gitlab/embedded/bin and sudo chmod go-w /opt/gitlab/embedded.

I gave the write permission in the path displayed in the error. Finally, it works.

Arunkumar
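
An added example, not part of either answer: a shell check that lists world-writable directories among the entries of a PATH string, the condition the warning reports. It goes beyond the single directory in the question by also walking each entry's parent directories, which the chmod commands in the second answer touch; the function names and the throwaway demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report world-writable directories among the entries of a
# PATH-style string and their parent directories.

# is_world_writable DIR: succeeds if "other" may write to DIR; leaves the
# mode string (e.g. drwxrwxrwx) in $mode. Character 9 is the other-write bit.
is_world_writable() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_path PATH_STRING: print one line per finding, de-duplicated.
audit_path() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        # Empty or relative entries resolve against the current directory.
        case "$dir" in
            /*) ;;
            *) printf 'relative-or-empty: "%s"\n' "$dir"; continue ;;
        esac
        # Walk up to /: a writable parent lets another user rename the
        # directory and put their own in its place.
        while :; do
            if is_world_writable "$dir"; then
                case "$mode" in
                    *[tT]) printf 'world-writable (sticky): %s\n' "$dir" ;;
                    *) printf 'world-writable: %s\n' "$dir" ;;
                esac
            fi
            [ "$dir" = "/" ] && break
            dir=$(dirname "$dir")
        done
    done | sort -u
}

# Constructed demo tree: libexec has mode 0777 (as in the warning), bin has
# mode 0755. A sticky parent such as /tmp is reported with its own label.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/libexec" "$tmp/bin"
    chmod 0777 "$tmp/libexec"
    chmod 0755 "$tmp/bin"
    audit_path "$tmp/libexec:$tmp/bin"
    rm -rf "$tmp"
}

demo
```

Running `audit_path "$PATH"` as the user the hook runs under checks the real search path; a directory stops being listed once `chmod o-w` has been applied to it.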