On 04 Nov 2022 at 07:47:46, Thomas Guyot arranged the bits on my disk to say:

> What prevents you from getting the owned uid or the repos and forking a
> process as that user to run the check?

Laziness?

I should note: these aren't really "untrusted" user repositories, so I'm
not very concerned about it (though I understand your point).

This does beg the question: does running "git fsck" on an untrusted
repository as another user present a [security] problem? If so, should it?

> > 2. I think it might be useful to warn the user that the behavior they're
> > expecting isn't happening due to this security check, instead of just
> > outputting objectively wrong information (i.e. that no config options
> > exist when they actually do exist); I'd be curious what others think.
>
> What was the return code for the git config command? If it was zero when
> it didn't parse/output the config option you asked for that is
> definitively a bug. If you failed to check the return code of git-config
> then you should fix your script/tool instead.

underworld # ~preed/src/git/git --version
git version 2.30.2.4.g8959555cee
underworld # GIT_PAGER=cat ~preed/src/git/git-config -l
underworld # echo $?
0

best,
preed
--
J. Paul Reed
https://jpaulreed.com
PGP: 0x41AA0EF1