On Thu, Feb 22, 2018 at 06:05:15PM -0500, Jeff King wrote:

> On Thu, Feb 22, 2018 at 02:42:35PM -0800, Jonathan Nieder wrote:
>
> > > I couldn't quite get it to work, but I think it's because I'm doing
> > > something wrong with the submodules. But I also think this attack would
> > > _have_ to be done over ssh, because on a local system the submodule
> > > clone would be a hard-link rather than a real fetch.
> >
> > What happens if the submodule URL starts with file://?
>
> Ah, that would do it. Or I guess any follow-up fetch.
>
> I'm still having trouble convincing submodules to fetch _just_ the
> desired sha1, though. It always just fetches everything. I know there's
> a way that this kicks in (that's why we have things like
> allowReachableSHA1InWant), but I'm not sufficiently well-versed in
> submodules to know how to trigger it.

<facepalm>

This won't work anyway. I was right when I said that we don't redirect
stderr for rev-list, but of course it's stdout that determines the pager
behavior. So I don't think you could get rev-list to trigger a pager
here.

I don't think there's currently any vulnerability, but it's more to do
with luck than any amount of carefulness on our part.

-Peff