Re: Can Git repos be hacked or otherwise manipulated?

Hello Jeff and thank you for your response!

To work around this problem, should we instead host this repo on a public service? If so which one would you recommend?

--Jonathan

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, January 14, 2020 10:08 PM, Jeff King <peff@xxxxxxxx> wrote:

> On Tue, Jan 14, 2020 at 02:48:05PM +0000, 1234dev wrote:
>
> > Let's say you're working with a team of elite hackers, passing a
> > tarball of a Git repo back and forth as you complete your mission. Now
> > let's say one of them has malicious intent. What are the possibilities
> > that he or she can, for instance, hide changes made to a script or
> > binary that does something malicious if executed? Or perhaps maybe
> > there are other such scenarios one should be made aware of?
>
> It is absolutely not safe to run Git commands from a tarball of an
> untrusted repo. There are many ways to execute arbitrary code specified
> by a config option, and you'd be getting recipients .git/config.
> Likewise for hooks.
>
> And while we would consider it a bug if you can trigger a memory error
> by reading a corrupted or malicious on-disk file, that's gotten way
> less auditing than the code paths which take in objects from a remote.
> So e.g., I would not be surprised if there are vulnerabilities that
> could cause out-of-bounds reads of a corrupted .git/index.
>
> -Peff
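One defensive way to act on Peff's advice, as an added example that is not from this thread or from Git itself: copy only the object store and ref files out of the untrusted tarball into a repository whose .git/config and .git/hooks are your own, so no Git command ever runs inside the sender's .git directory. The function names and the assumption that the tarball holds a work tree with a `.git` directory are the example's own.

```python
"""Import history from an untrusted Git repo tarball without running Git
inside it: copy only objects and refs into a freshly `git init`-ed repo and
discard .git/config, .git/hooks, .git/index and everything else, so Git
never reads the sender's settings. Assumes a tarball with a `.git` dir."""
import os
import posixpath
import subprocess
import tarfile

# Entries under .git/ that carry only data (objects, ref names), never settings.
SAFE_PREFIXES = ("objects/", "refs/")
SAFE_FILES = ("HEAD", "packed-refs")

def git_relative_path(member_name):
    """Path of a tar member relative to the tarball's .git/ directory, or
    None for work-tree files and for names that escape via '..'."""
    parts = posixpath.normpath(member_name).split("/")
    if ".." in parts or ".git" not in parts:
        return None
    return "/".join(parts[parts.index(".git") + 1:]) or None

def is_safe_member(member_name):
    """True only for loose objects, packfiles and ref files."""
    rel = git_relative_path(member_name)
    if rel is None or rel == "objects/info/alternates":
        # alternates would point Git at a second object store: never import it.
        return False
    return rel in SAFE_FILES or rel.startswith(SAFE_PREFIXES)

def import_untrusted_tarball(tarball, dest):
    """Create a fresh repo at dest, copy in only safe members, then let
    `git fsck` check the objects under our own config and hooks.
    Returns the .git-relative paths that were imported."""
    subprocess.run(["git", "init", "--quiet", dest], check=True)
    imported = []
    with tarfile.open(tarball) as tar:
        for member in tar.getmembers():
            # Regular files only: symlinks and hardlinks could point elsewhere.
            if not member.isfile() or not is_safe_member(member.name):
                continue
            rel = git_relative_path(member.name)
            target = os.path.join(dest, ".git", rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            imported.append(rel)
    subprocess.run(["git", "-C", dest, "fsck", "--full"], check=True)
    return imported
```

Peff's second point still applies: `git fsck` has to parse the copied objects and packs, so this narrows the exposure to Git's on-disk object readers rather than removing it.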