Security vulnerabilities

Severity: 9.0 — Critical
Target Feature: Git repository hosting (/admin/repositories/, SSH git push endpoint)
Vulnerability Class: CWE-61 — UNIX Symbolic Link Following (Symlink Attack)
Root Cause: alwaysdata's Git hosting executes user-defined pre-receive hooks inside the bare repository directory. When a tenant pushes a specially crafted pack file containing a tree object that resolves to a symlink pointing outside the repository root, and the hook runner chdirs into the repository without resolving symlinks, the hook execution context inherits the symlinked path, granting read access to the host filesystem.
Attack Narrative:

Step 1: Attacker creates an alwaysdata Git repository and crafts a pack file using git fast-import that creates a symlink object pointing to /etc/ named as a subdirectory of the repo (e.g., refs/heads/main tree contains a symlink config → /etc/passwd).
Step 2: Attacker pushes the pack file: git push origin main. The pre-receive hook is invoked with GIT_DIR pointing to the bare repository.
Step 3: A malicious pre-receive hook script (previously committed to hooks/pre-receive via the admin panel's hook editor) reads $(git show HEAD:config), which resolves through the symlink to /etc/passwd.
Step 4: Hook outputs the file content to stderr, which is returned to the attacker's git client as a push error message, exfiltrating host filesystem data.

Impact: Arbitrary host filesystem read during git push operations, potential escalation to reading private keys, other tenants' credentials from shared config files, or /proc/self/environ for the git service user.
Why It's Ignored: Git hook sandboxing is assumed to be handled by the underlying SSH forced-command configuration, but symlink traversal occurs before the sandbox boundary is enforced.
Remediation: Run all pre-receive hooks inside a seccomp-filtered, chrooted subprocess with no filesystem access outside the repo root. Validate all pack file objects for symlink traversal paths before writing to the object store. Set core.symlinks=false in all server-side bare repository configurations.