> Theo Niessink has uncovered a serious sercurity issue in Git for Windows, > where cloning an evil repository can arbitrarily overwrite files outside > the repository... Filenames starting with C: are not necessarily absolute. Consider "c:foo.txt" where c: is the current directory on drive C, or "c:stream1" where c is a single-letter filename in the current directory with an alternate data stream such as would be shown by dir /r. The has_dos_drive_prefix check is overly broad. Maybe this is intentional and just needs to be documented. Absolute paths like \\localhost\C$\file.txt and \\?\C:\file.txt do seem to be caught, because they start with '\'. Microsoft says[1] a path is relative unless: - it begins with "\\" - it begins with a disk designator followed by a directory separator - it begins with a single "\" On that basis, has_dos_drive_prefix(path) should be: isalpha(*(path)) && (path)[1] == ':' && is_dir_sep((path)[2]) However, there are also paths within the NT namespace (as opposed to the Win32 namespace, [1] again) that might be considered absolute, or at least to which git should not try to write. Examples would be PRN, CONOUT$, AUX, etc. These will not be caught by the current form of has_dos_drive_prefix, if that is even the right place to catch them. I think the QueryDosDevice function (given the part of the path up to the first directory separator, if one is present [2]) would detect them, and logical drive mappings as well. However, QueryDosDevice seems to also include many things that are not worthy of concern, like (on my computer) "DISPLAY5". Does anyone know the correct approach here? I gather that other programs can create names like these (with DefineDosDevice), so a hard-coded exception list from [1] (that being: CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9) might not be adequate? [1] http://msdn.microsoft.com/en-us/library/aa365247(v=vs.85).aspx [2] http://msdn.microsoft.com/en-us/library/aa365461(v=vs.85).aspx -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html