Hello everyone! Today, we will be discussing an important security vulnerability (CVE-2025-22620) that affects gitoxide, an implementation of git written in Rust. Before we dive into the details, let's understand what gitoxide is and why it is relevant.
Gitoxide - Git Implementation in Rust
Gitoxide is an alternative implementation of git written in Rust. Rust's safety and performance properties make it a compelling choice for implementing a version control system like git. Gitoxide provides an easy-to-use, modular, well-documented, and high-performance alternative to other git implementations. But like any other software, security vulnerabilities can be discovered and need to be fixed.
CVE-2025-22620 - Permissions Handling Vulnerability
Prior to version 0.17.0 of the gix-worktree-state crate, gitoxide mishandled file permissions when checking out executable files. gix-worktree-state asked for mode 0777 on such files, intending for the user's or system-wide umask to narrow those bits the way it does on ordinary file creation. One of the strategies it used to apply that mode, however, is not subject to the umask, so in some situations files in a freshly checked-out repository ended up world-writable. Any other local user on the machine could then modify those files, including scripts and binaries that the repository's owner may later run or commit, compromising the integrity of the checkout.
Here is the problematic logic, simplified:
use std::{io, os::unix::fs::PermissionsExt, path::Path};

fn check_out_executable_file(path: &Path) -> io::Result<()> {
    let mut perms = std::fs::metadata(path)?.permissions();
    // 0777 is meant to be narrowed by the umask, but set_permissions is a
    // chmod(2) and installs the bits literally, so the file becomes 0777.
    perms.set_mode(0o777);
    std::fs::set_permissions(path, perms)
}
This code sets the mode of an executable file to 0777 and relies on the umask to narrow it. That works when the mode is supplied at creation time: the kernel applies the umask to the mode passed to open(2) (OpenOptions::mode in Rust), so a file created with 0777 under the usual umask of 022 ends up 0755. It does not work here: std::fs::set_permissions is a chmod(2), which installs exactly the bits it is given and ignores the umask, so the file really becomes 0777 and is writable by every user on the system. That is the strategy the advisory refers to as "not subject to the umask".
The Fix
This vulnerability has been fixed in gix-worktree-state 0.17.0. The relevant pull request and changes can be found in the gitoxide repository on GitHub. The solution is to apply the umask to the mode explicitly before calling set_permissions, rather than expecting the kernel to do it. Simplified, the updated logic looks like this:
use std::{io, os::unix::fs::PermissionsExt, path::Path};

// Illustrative helper, not shown on the page: std has no umask accessor, so
// this wraps libc::umask (set to 0, then restore); it is not thread-safe.
fn get_umask() -> u32 {
    unsafe { let old = libc::umask(0); libc::umask(old); old as u32 }
}

fn check_out_executable_file(path: &Path) -> io::Result<()> {
    let mut perms = std::fs::metadata(path)?.permissions();
    let umask = get_umask();
    // Mask 0777 ourselves, since chmod(2) will not do it for us.
    perms.set_mode(0o777 & !umask);
    std::fs::set_permissions(path, perms)
}
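To see the difference between the two strategies on a real filesystem, here is an added, stand-alone Rust example covering both the vulnerable snippet and the fix above. It is not code from the gitoxide project or from this post. It creates a constructed sample file under the system temp directory, applies the chmod-style strategy and then the umask-aware one, and returns the resulting modes. `probe_umask` is an assumption of this example: it infers the process umask by creating a probe file with mode 0777 and reading back which bits the kernel kept, so no libc binding is needed. Unix only.

```rust
use std::fs::{self, OpenOptions};
use std::io;
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// The mode gitoxide intended for a checked-out executable:
/// 0777 narrowed by the process umask (umask 0o022 -> 0o755).
pub fn executable_mode(umask: u32) -> u32 {
    0o777 & !umask
}

/// True if the "other" write bit is set, i.e. any local user may modify the file.
pub fn is_world_writable(mode: u32) -> bool {
    mode & 0o002 != 0
}

/// Infer the process umask without libc (assumed helper, not from gitoxide):
/// create a probe file asking for 0777 and see which bits the kernel kept.
/// The umask is exactly the bits it removed at open(2) time.
pub fn probe_umask(dir: &Path) -> io::Result<u32> {
    let probe = dir.join(".umask-probe");
    let _ = fs::remove_file(&probe);
    OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o777) // honoured at open(2) time, so the umask applies here
        .open(&probe)?;
    let kept = fs::metadata(&probe)?.permissions().mode() & 0o777;
    fs::remove_file(&probe)?;
    Ok(0o777 & !kept)
}

/// Vulnerable strategy: chmod(2) installs 0777 literally; the umask is ignored.
pub fn set_executable_vulnerable(path: &Path) -> io::Result<u32> {
    let mut perms = fs::metadata(path)?.permissions();
    perms.set_mode(0o777);
    fs::set_permissions(path, perms)?;
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Fixed strategy: apply the umask ourselves before chmod(2).
pub fn set_executable_fixed(path: &Path, umask: u32) -> io::Result<u32> {
    let mut perms = fs::metadata(path)?.permissions();
    perms.set_mode(executable_mode(umask));
    fs::set_permissions(path, perms)?;
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Run both strategies on a constructed file in a private temp directory and
/// return (umask, mode after vulnerable strategy, mode after fixed strategy).
pub fn demo() -> io::Result<(u32, u32, u32)> {
    let dir = std::env::temp_dir().join(format!("gix-umask-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let umask = probe_umask(&dir)?;
    let script = dir.join("hook.sh"); // constructed sample file, not a real hook
    fs::write(&script, b"#!/bin/sh\necho checked out\n")?;
    let vulnerable = set_executable_vulnerable(&script)?;
    let fixed = set_executable_fixed(&script, umask)?;
    fs::remove_dir_all(&dir)?;
    Ok((umask, vulnerable, fixed))
}

fn main() -> io::Result<()> {
    let (umask, vulnerable, fixed) = demo()?;
    println!("umask                           = {:04o}", umask);
    println!("set_permissions(0o777)          = {:04o}  world-writable: {}", vulnerable, is_world_writable(vulnerable));
    println!("set_permissions(0o777 & !umask) = {:04o}  world-writable: {}", fixed, is_world_writable(fixed));
    Ok(())
}
```

Under the common umask of 022 the first strategy reports 0777 and the second 0755. Run the program after `umask 0` in the shell and both lines read 0777, which is expected: the fix makes the checkout honour whatever umask the user chose, it does not second-guess a permissive one.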
How to Protect Your Repositories
Update to gix-worktree-state 0.17.0 or later (and to a gitoxide release that depends on it) to close this hole. The latest versions and update instructions are in the official gitoxide repository; for Rust projects that pull in gix crates, `cargo update -p gix-worktree-state` followed by `cargo audit` is a quick way to confirm the vulnerable version is gone. Upgrading does not retroactively fix checkouts that were already made with an affected version: look for regular files with the other-write bit set (for example `find . -type f -perm -o=w` from the worktree root) and remove that bit, or delete and re-clone the worktree.
Please remember that keeping your software up-to-date is crucial for maintaining a secure environment, as outdated versions are more likely to have known vulnerabilities that can be exploited by attackers.
Timeline
Published on: 01/20/2025 16:15:28 UTC