Re: GIT Hooks and security

Very helpful :) thanks!

2013/10/26 Bryan Turner <bturner@xxxxxxxxxxxxx>:
> No, the .git/hooks directory in your clone is created from your local
> templates, installed with your Git distribution, not the remote hooks.
> On Linux distributions, these templates are often in someplace like
> /usr/share/git-core/templates (for normal packages), and on Windows
> with msysgit they are in share\git-core\templates under your
> installation directory. If you look in this directory you will see a
> hooks directory containing the sample hooks.
>
> Hooks from a remote repository are never cloned. As far as I'm aware,
> nothing from the .git directory (aside from refs and packs, of course)
> is cloned, including configuration. Your .git directory after a clone
> is completely new, assembled from scratch. There's nothing in the Git
> wire protocol (currently) for moving other data like configuration or
> hooks, and this sort of malicious code injection is one of the reasons
> I've seen discussed on the list for why that's the case.
>
> Hope this helps,
> Bryan Turner
>
>
> On 26 October 2013 09:25, Olivier Revollat <revollat@xxxxxxxxx> wrote:
>>
>> But when someone does a "clone", he doesn't have the .git/hooks directory
>> downloaded to his local computer? I thought so ...
>>
>> 2013/10/26 Junio C Hamano <gitster@xxxxxxxxx>:
>> > Olivier Revollat <revollat@xxxxxxxxx> writes:
>> >
>> >> I was wondering: what if I had a "malicious" GIT repository that could
>> >> "inject" code via the git hooks mechanism: someone clones my repo and
>> >> some malicious code is executed when a certain GIT hook is triggered
>> >> (for example on commit, via the "prepare-commit-msg" hook)?
>> >
>> > In that somebody else's clone, you will not have _your_ malicious
>> > hook installed, unless that cloner explicitly does something stupid,
>> > like copying that malicious hook.
>>
>>
>>
>> --
>> Mathematics is made of 50 percent formulas, 50 percent proofs, and 50
>> percent imagination.
>> --
>> To unsubscribe from this list: send the line "unsubscribe git" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50
percent imagination.
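Bryan's point in the quoted reply (a clone's .git/hooks is populated from the local template directory, never from the remote) can be checked on any clone. The script below is an added example, not code from this thread or from Git itself: it audits a hooks directory for active hooks (executable files that are not the template *.sample files) and, when git is available, demonstrates that a hook placed in a bare "remote" repository's hooks directory does not appear in a fresh clone. The file name hooks_audit.sh and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from Git): audit a clone's hooks directory.
# After a fresh clone, .git/hooks should contain only the *.sample files copied
# from the local template directory (e.g. /usr/share/git-core/templates).
# Any other executable file there was placed locally, not fetched from the
# remote, and is worth a look.

# list_active_hooks DIR: print each executable, non-*.sample file in DIR.
# Exit status 0 when no active hook is found, 1 otherwise.
list_active_hooks() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue                  # empty directory: glob stays literal
        case "$f" in *.sample) continue ;; esac  # template samples are inert
        [ -f "$f" ] && [ -x "$f" ] || continue   # only executable regular files run
        printf 'active hook: %s\n' "$f"
        found=1
    done
    return $found
}

# count_active_hooks DIR: echo the number of active hooks in DIR.
count_active_hooks() {
    list_active_hooks "$1" | wc -l | tr -d ' '
}

# demo: create a bare repository with a constructed (harmless) hook, clone it,
# and show that the clone's hooks directory holds only the local samples.
demo() {
    command -v git >/dev/null 2>&1 || { echo "git not found; skipping demo"; return 0; }
    tmp=$(mktemp -d)
    git init -q --bare "$tmp/remote.git"
    # Constructed hook on the "remote" side; it only prints a line.
    printf '#!/bin/sh\necho "hook ran"\n' > "$tmp/remote.git/hooks/post-checkout"
    chmod +x "$tmp/remote.git/hooks/post-checkout"
    git clone -q "$tmp/remote.git" "$tmp/clone" 2>/dev/null
    echo "Remote side:"
    list_active_hooks "$tmp/remote.git/hooks"
    echo "Clone side:"
    list_active_hooks "$tmp/clone/.git/hooks" && echo "(no active hooks, as expected)"
    rm -rf "$tmp"
}

# Run the demonstration with:  sh hooks_audit.sh demo
# Audit an existing clone with: . ./hooks_audit.sh; list_active_hooks path/to/repo/.git/hooks
if [ "${1:-}" = demo ]; then
    demo
fi
```

The audit is the part a defender would keep: an active hook in a freshly cloned repository did not come over the wire, so either the local template directory (init.templateDir or the distribution's share/git-core/templates) carries it, or something on the machine wrote it after the clone.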