Junio C Hamano <gitster@xxxxxxxxx> writes: > Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes: > >> Ugh. I don't see anything we can do about this on the git side, and I >> do kind of understand why 'patch' would be worried about '..' files. >> In a perfect world, patch would parse the filename and see that it >> stays within the directory structure of the project, but that is a >> rather harder thing to do than just say "no dot-dot files". > > It is unclear to me why "limit to the current directory and below" > is such a big deal in the first place. > > If the user wants to apply a patch that touches ../etc/shadow, is > the tool in the place to complain?" Let me take this part back. I think "git apply" should behave closely to "git apply --index" (which is used by "git am" unless there is a very good reason not to (and "'git apply --index' behaves differently from GNU patch, and we should match what the latter does" is not a very good reason). When the index guards the working tree, we do not follow any symlink, whether the destination is inside the current directory or not. I however do not think the current "git apply" notices that it will overwrite a path beyond a symlink---we may need to fix that if that is the case. I'll see what I can find (but I'll be doing 2.3-rc2 today so it may be later this week). Thanks. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html