Re: [PATCH] Allow aliases to expand to shell commands

Hi,

On Sat, 10 Feb 2007, Theodore Tso wrote:

> diff --git a/git.c b/git.c
> index c43d4ff..fc08396 100644
> --- a/git.c
> +++ b/git.c
> @@ -159,6 +159,16 @@ static int handle_alias(int *argcp, const char ***argv)
>  	alias_command = (*argv)[0];
>  	git_config(git_alias_config);
>  	if (alias_string) {
> +		if (alias_string[0] == '!') {
> +			trace_printf("trace: alias to shell cmd: %s => %s\n",
> +				     alias_command, alias_string+1);

Here, you add 1 to alias string (though I would put spaces around the 
plus, but that's really a nit).

> +			ret = system(alias_string+1);
> +			if (ret >= 0 && WIFEXITED(ret) && 
> +			    WEXITSTATUS(ret) != 127)
> +				exit(WEXITSTATUS(ret));
> +			die("Failed to run '%s' when expanding alias '%s'\n", 
> +			    alias_string, alias_command);
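
Review bot: In the `system(alias_string+1)` call, nothing from `*argv` beyond the alias name reaches the shell, so any arguments typed after the alias are silently dropped; either append them (shell-quoted) to the command string or document that `!` aliases take no arguments. The `WEXITSTATUS(ret) != 127` test also cannot tell a command that itself exits 127 from a shell that could not run it, and a child killed by a signal falls through to the same "Failed to run" message, so the die() text would be more accurate if it reported the wait status. The die() format string ends in `\n`, which die() already supplies.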

So, shouldn't you here, too?

It made me feel a little uneasy that we can execute _any_ command now, but 
I can only find one way to exploit this, when an attacker does not have 
shell access anyway: git-shell.

Ciao,
Dscho
