Re: Files with colons under Cygwin

> Strange...  What version of Cygwin did you use?  When I tried this with
> Cygwin 1.5.25, I got the following error:
>
>  error: git checkout-index: unable to create file a:b (No medium found)

I'm on 1.5.25-15 on WinXP over a mounted network file system, but no
errors/warnings here...

Thanks for the clarifications and the patch,
-- Giovanni

On Sun, Oct 5, 2008 at 1:39 AM, Dmitry Potapov <dpotapov@xxxxxxxxx> wrote:
> On Thu, Oct 02, 2008 at 04:02:23PM +0200, Giovanni Funchal wrote:
>>
>> Cygwin does not allow files with colons, I think this is Windows stuff
>> one just can't avoid.
>
> At least, you cannot use a colon in the Win32 API. They say the Windows
> "native" API has fewer restrictions over what symbols are not allowed in
> file names, but I guess it is still not allowed.
>
>> If you have files with colons in a git
>> repository and try pulling them on cygwin, the file is empty, its name
>> is truncated and the status is wrong.
>>
>> linux $ date > a:b
>> linux $ git init
>> linux $ git add a:b
>> linux $ git commit -m test
>> linux $ git push
>> cygwin $ git pull
>
> Strange...  What version of Cygwin did you use?  When I tried this with
> Cygwin 1.5.25, I got the following error:
>
>  error: git checkout-index: unable to create file a:b (No medium found)
>
> Apparently, Git tried to create 'b' file on the drive 'a', and creating
> files outside of the working tree is not a very good thing to do from
> the security point of view, as it can easily overwrite anything in
> c:/windows/.
>
> So, here is a patch. It basically disallows backslashes and colons in
> file names on Windows (whether it is MinGW or Cygwin).
>
> I wonder if the problem exists on Mac OS X too. From what I heard, it
> does not treat ':' as a normal symbol. But I have no access to Mac OS X,
> so here is a patch for Windows only.
>
> -- >8 --
> From: Dmitry Potapov <dpotapov@xxxxxxxxx>
> Date: Sat, 4 Oct 2008 22:57:19 +0400
> Subject: [PATCH] correct verify_path for Windows
>
> Colon and backslash in names may be used on Windows to overwrite files
> outside of the working directory.
>
> Signed-off-by: Dmitry Potapov <dpotapov@xxxxxxxxx>
> ---
>  read-cache.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/read-cache.c b/read-cache.c
> index 901064b..972592e 100644
> --- a/read-cache.c
> +++ b/read-cache.c
> @@ -701,6 +701,16 @@ inside:
>                        }
>                        return 0;
>                }
> +#if defined(_WIN32) || defined(__CYGWIN__)
> +               /*
> +                * There is a bunch of other characters that are not allowed
> +                * in Win32 API, but the following two create a security hole
> +                * by allowing to overwrite files outside of the working tree,
> +                * therefore they are explicitly prohibited.
> +                */
> +               else if (c == ':' || c == '\\')
> +                       return 0;
> +#endif
>                c = *path++;
>        }
>  }
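Review bot: the new `else if (c == ':' || c == '\\')` branch sits inside the `#if` but hangs off the closing `}` of an `if` that lies outside it, so the shape of the if/else chain differs between platforms; a self-contained `if` inside the conditional block would read more clearly and would survive edits to the block above. The comment says these two characters allow overwriting files outside the working tree but not how; one line noting that ':' can be taken as a drive prefix and '\' as a directory separator would record why these two are singled out from the other characters Win32 rejects. The diffstat lists only read-cache.c, so a test that tries to check out a name such as a:b would be worth adding with this change.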
> --
> 1.6.0.2.445.g1198
>
> -- >8 --
>
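The failure discussed in this thread starts with a name such as `a:b` being committed on Linux, so it can be caught on the repository side before a Windows or Cygwin user pulls. The following is an added example, not part of the original messages or of Git: a POSIX shell filter that flags the names the patch would reject. The function names, reason labels and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag path names that contain ':' or '\', the two characters
# the patch in this thread rejects on Windows and Cygwin.

# classify_path PATH
# Prints a reason and returns 0 if the name is unsafe; returns 1 otherwise.
classify_path() {
    case $1 in
        [A-Za-z]:*) echo "drive-prefix" ;;  # a:b is read as file b on drive a
        *:*)        echo "colon" ;;         # ':' elsewhere in the name
        *\\*)       echo "backslash" ;;     # '\' is a directory separator in Win32
        *)          return 1 ;;
    esac
}

# audit_paths
# Reads one path per line on stdin, prints "reason<TAB>path" for each unsafe
# name, and returns 1 if any were found (usable as a pre-push or CI gate).
audit_paths() {
    found=0
    while IFS= read -r p; do
        if reason=$(classify_path "$p"); then
            printf '%s\t%s\n' "$reason" "$p"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample list standing in for the tracked files of a repository.
sample_paths() {
    printf '%s\n' 'README' 'a:b' 'docs/notes:2008.txt' 'src\main.c' 'src/ok.c'
}

# In a real work tree the input would come from:
#   git ls-files -z | tr '\0' '\n' | audit_paths
# (names that themselves contain a newline are not handled by this sketch).
sample_paths | audit_paths || true
```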