[PATCH 2/3] credential-cache--daemon: disallow relative socket path

From: Jon Griffiths <jon_p_griffiths@xxxxxxxxx>

Relative socket paths are dangerous since the user cannot generally
control when the daemon starts (initially, after a timeout, kill or
crash). Since the daemon creates but does not delete the socket
directory, this could lead to spurious directory creation relative
to the user's cwd.

Suggested-by: Jeff King <peff@xxxxxxxx>
Signed-off-by: Jon Griffiths <jon_p_griffiths@xxxxxxxxx>
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
 Documentation/git-credential-cache.txt | 2 +-
 credential-cache--daemon.c             | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt
index 89b7306..96208f8 100644
--- a/Documentation/git-credential-cache.txt
+++ b/Documentation/git-credential-cache.txt
@@ -36,7 +36,7 @@ OPTIONS
 	cache daemon if one is not started). Defaults to
 	`~/.git-credential-cache/socket`. If your home directory is on a
 	network-mounted filesystem, you may need to change this to a
-	local filesystem.
+	local filesystem. You must specify an absolute path.
 
 CONTROLLING THE DAEMON
 ----------------------
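
Review bot: The added sentence "You must specify an absolute path." sits right after a default written as `~/.git-credential-cache/socket`, and it does not say what happens when the rule is broken. It would help to state that the daemon refuses to start on a relative path, and to say whether a leading `~` is accepted, since the hunk does not show where that expansion happens relative to the new check. One sentence of rationale (the daemon can be started from an arbitrary cwd and creates the socket directory there) would also tell users why the restriction exists.
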
diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c
index 3403f48..7cfcd37 100644
--- a/credential-cache--daemon.c
+++ b/credential-cache--daemon.c
@@ -262,6 +262,9 @@ int main(int argc, const char **argv)
 	if (!socket_path)
 		usage_with_options(usage, options);
 
+	if (!is_absolute_path(socket_path))
+		die("socket directory must be an absolute path");
+
 	init_socket_directory(socket_path);
 	register_tempfile(&socket_file, socket_path);
 
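
Review bot: The die() message at the new check says "socket directory must be an absolute path", but the value tested is `socket_path`, the path of the socket itself, which is also what the documentation hunk describes. Wording it as "socket path must be absolute" and printing the offending value, for example `die("socket path must be absolute: %s", socket_path);`, would match the option the user actually set and make a misconfigured helper easier to diagnose. The diffstat lists only the documentation and the daemon source, so a test that passes a relative socket path and expects the daemon to refuse it would be a useful addition.
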
-- 
2.7.2.645.g4e1306c
