On 04 Nov 2022 at 07:47:46, Thomas Guyot arranged the bits on my disk to say:

What prevents you from getting the owned uid or the repos and forking a 
process as that user to run the check?

Laziness?

I should note: these aren't really "untrusted" user repositories, so I'm
not very concerned about it (though I understand your point).

This does beg the question: does running "git fsck" on an untrusted
repository as another user present a [security] problem?

If so, should it?

quoted

     2. I think it might be useful to warn the user that the behavior they're
        expecting isn't happening due to this security check, instead of just
        outputting objectively wrong information (i.e. that no config options
        exist when they actually do exist); I'd be curious what others think.

What was the return code for the git config command? If it was zero when 
it didn't parse/output the config option you asked for that is 
definitively a bug. If you failed to check the return code of git-config 
then you should fix your script/tool instead.

underworld # ~preed/src/git/git --version
git version 2.30.2.4.g8959555cee
underworld # GIT_PAGER=cat ~preed/src/git/git-config -l
underworld # echo $?
0

best,
preed
-- 
J. Paul Reed
https://jpaulreed.com
PGP: 0x41AA0EF1