GIT Hooks and security

I was wondering: what if I had a "malicious" GIT repository that can
"inject" code via the git hooks mechanism: someone clones my repo and
some malicious code is executed when a certain GIT hook is triggered
(for example on commit (the "prepare-commit-msg" hook))? What if I email
/etc/passwd, for example?

Is the security of GIT's hooks assured by the GIT user's privileges? But
the git user can still read /etc/passwd and do something fun with it :)

Is it by the trust relationship? I mean, if I clone a repo, I
certainly knew the source and I trusted it... didn't I?
But if I have a website with a file injection vulnerability and I can
replace the git hook script with other (malicious) content ...

Maybe I'm "paranoid" :) but I'm just asking the question ... just for
curiosity's sake :)

Thanks for your comments and explanations :)

-- 

Mathematics is made of 50 percent formulas, 50 percent proofs, and 50
percent imagination.
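
A defender-side check for the scenario raised in the message above, where a hook script is planted or replaced inside an existing repository: list the hook files Git could run and compare their SHA-256 digests against a saved baseline. This is an added example, not part of the original post; the function names are hypothetical, and it assumes hooks live in the default `.git/hooks` directory (pass the `core.hooksPath` directory instead if that setting is in use).

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# Usage (after sourcing this file):
#   hooks_fingerprint /path/to/repo/.git/hooks > hooks.baseline   # record once
#   hooks_unchanged   /path/to/repo/.git/hooks hooks.baseline     # check later

# Print the SHA-256 digest of one file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print the names of hook files Git could run: regular files that are
# executable and are not the inactive "*.sample" templates.
list_active_hooks() {
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        case "$f" in *.sample) continue ;; esac
        printf '%s\n' "${f##*/}"
    done
}

# Print "<sha256>  <name>" for every active hook, in a stable order.
hooks_fingerprint() {
    list_active_hooks "$1" | sort | while IFS= read -r name; do
        printf '%s  %s\n' "$(sha256_of "$1/$name")" "$name"
    done
}

# Return 0 if the active hooks match the baseline file exactly;
# return 1 if any hook was added, removed, or modified since it was recorded.
hooks_unchanged() {
    [ "$(hooks_fingerprint "$1")" = "$(cat "$2")" ]
}
```

Keep the baseline file outside the repository and outside any path the web application can write to, so that whoever can replace a hook cannot also replace the baseline.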