On 26-07-08 17:10, Johannes Schindelin wrote:

> Hi,
>
> On Sat, 26 Jul 2008, Rene Herman wrote:
>
> > On 26-07-08 16:14, Johannes Schindelin wrote:
> >
> > > When the program 'git' is in the PATH, the argv[0] is set to the
> > > basename. However, argv0_path needs the full path, so add a function
> > > to discover the program by traversing the PATH manually.
> >
> > While not having read the context for this, this of course sounds like a huge
> > gaping race-condition. If applicable here (as said, did not read context) you
> > generally want to make sure that there's no window that a path could be
> > replaced -- while perhaps not here, that's often the kind of thing that
> > security attacks end up abusing.
>
> Yeah, and that's why you would carefully time your attack just in between
> the command invocation and the discovery of argv[0] in the PATH.
> Rather than replacing the 'git' program with an infected version right
> away.

Adding to the PATH is generally not disallowed by user level security.
Replacing the GIT binary generally is.
Sure maybe it's not much of a problem here; as said, I didn't read the
context and am not a GIT person. Just commented on a git-user list when
this was the next message on the list. Though a heads-up might still be
in order. If it wasn't useful -- so be it, but even making a command do
something different than a user expected can have serious implications,
for example in this case for the tree they are working on.
Rene.
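
A sketch of the manual PATH traversal the patch description mentions, paired with a check that the file found is still the image that is actually running, which is the window discussed in this thread. It is an added example, not the git patch or any list member's code; `find_in_path`, `same_file` and the reliance on Linux's `/proc/self/exe` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk a PATH-style list; write the first executable regular file called
 * `name` into out. Returns 0 on success, -1 if nothing is found. */
int find_in_path(const char *name, const char *path, char *out, size_t outlen)
{
    if (!path)
        return -1;
    for (;;) {
        size_t len = strcspn(path, ":");
        struct stat st;
        int n;

        if (len == 0)   /* an empty element means the current directory */
            n = snprintf(out, outlen, "./%s", name);
        else
            n = snprintf(out, outlen, "%.*s/%s", (int)len, path, name);
        if (n > 0 && (size_t)n < outlen && stat(out, &st) == 0 &&
            S_ISREG(st.st_mode) && access(out, X_OK) == 0)
            return 0;
        if (path[len] == '\0')
            return -1;
        path += len + 1;
    }
}

/* 1 if both paths resolve to the same file right now (device and inode),
 * 0 if they differ, -1 if either one cannot be examined. */
int same_file(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

int main(int argc, char **argv)
{
    char found[4096];
    /* Assumption: argv[0] is a bare basename, as in the case the patch covers. */
    if (argc < 1 || find_in_path(argv[0], getenv("PATH"), found, sizeof(found)) != 0)
        return puts("not found in PATH"), 1;
    /* Assumption: Linux, where /proc/self/exe names the image the kernel loaded. */
    printf("%s %s\n", found, same_file(found, "/proc/self/exe") == 1
           ? "is the running image" : "is NOT the running image");
    return 0;
}
```

The lookup only reports what PATH resolves to at the moment it runs; comparing against the loaded image turns a changed or shadowed PATH entry into a detectable mismatch instead of a silently wrong `argv0_path`.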