Re: git ate my home directory :-(

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26 March 2013 18:06, Richard Weinberger <richard@xxxxxx> wrote:
> P.s: I've told this story to some friends and co-workers which use git like
> me very day.
> All of them were shocked about the behavior of git-clean and GIT_DIR.

Seconded. At $work lots of people started asking anxious questions
about this. It was suggested it is a potential security hole, although
I am not sure I agree, but the general idea being that if you could
manage to set this var in someones environment then they might use git
to do real damage to a system. (The counterargument being that if you
can set that in someones environment you can do worse already... But
im a not a security type so I cant say)

As a knee-jerk response we will be armoring various scripts we have
that use git automatically to refuse to run if GIT_DIR is set. I
suspect a lot of people will be doing the same.

cheers,
Yves



-- 
perl -Mre=debug -e "/just|another|perl|hacker/"
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]