Jeff King <peff@xxxxxxxx> writes:

> For matching specific names, we have to deal with case-folding. It's
> easy to hit the common ones like ".GITIGNORE" with fspathcmp(). But if
> this is actually protection against malicious repositories, we have to
> match all of the horrible filesystem-specific junk that we did for
> ".git".
>
> Symlinks are likewise tricky.

Wouldn't it be the simplest to say these:

 (1) The code attempts to read ".gitignore" (or ".git<something>")
     in general from the filesystem, or the index, or a tree. No
     case permutations are attempted.

 (2) When the code tries to do the above, we open with nofollow (or
     protect racily with lstat(2) which may be the best we could do)
     when reading from the filesystem, or check the ce_mode type
     when reading from the index or from a tree, and ignore if the
     path we are using is a symbolic link.

That way, case funny filesystems that cause trouble like the ".git"
thing would not have a chance to interfere and fool us, no?
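As an added example (not code from git or from either author of this thread), the filesystem half of point (2) could look like this in C. `read_nofollow` and `demo` are hypothetical names, the temp-dir files are constructed input, and the index/tree case (checking the entry's mode) is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper (not a git function): read a file by its exact name,
 * refusing a symlink as the final component. Returns bytes read, or -1.
 */
static ssize_t read_nofollow(const char *path, char *buf, size_t len)
{
	struct stat st;
	ssize_t n;
	int fd = open(path, O_RDONLY | O_NOFOLLOW);
	if (fd < 0)
		return -1; /* missing, or a symlink (ELOOP on Linux) */
	/* fstat() the descriptor we hold: no lstat()-then-open() race */
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
		close(fd);
		return -1;
	}
	n = read(fd, buf, len - 1);
	close(fd);
	if (n >= 0)
		buf[n] = '\0';
	return n;
}

/* Constructed demo: a regular .gitignore and a symlinked .gitattributes. */
static int demo(void)
{
	char dir[] = "/tmp/nofollow-XXXXXX", real[64], lnk[64], buf[32];
	FILE *f;
	int ok;
	if (!mkdtemp(dir))
		return -1;
	snprintf(real, sizeof(real), "%s/.gitignore", dir);
	snprintf(lnk, sizeof(lnk), "%s/.gitattributes", dir);
	if (!(f = fopen(real, "w")) || fputs("*.o\n", f) < 0 || fclose(f) ||
	    symlink(real, lnk) < 0)
		return -1;
	ok = read_nofollow(real, buf, sizeof(buf)) == 4 &&
	     read_nofollow(lnk, buf, sizeof(buf)) == -1;
	unlink(lnk), unlink(real), rmdir(dir);
	return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

O_NOFOLLOW only guards the final path component; a symlink in a leading directory is still traversed.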