This patch makes sure that variables from the environment cannot
override e.g. the Git directory to operate on, as well as other critical
parts of Git operations. These variables are:

  - GIT_DIR
  - GIT_WORK_TREE
  - GIT_NAMESPACE
  - GIT_INDEX_FILE
  - GIT_INDEX_VERSION
  - GIT_OBJECT_DIRECTORY
  - GIT_COMMON_DIR

If any of those are set, pass might end up operating on another
repository, and things would break.

I caught this having GIT_DIR set, but fortunately the other repository
had a .gitignore that would have ignored the file:

```
fishbowl~% echo $GIT_DIR
/home/madduck/.config/vcsh/repo.d/zsh.git

fishbowl~% pass generate test
The following paths are ignored by one of your .gitignore files:
.password-store/test.gpg
Use -f if you really want to add them.
The generated password for test is:
…
```

The result was an orphan file `test.gpg` in the password-store root.

Signed-off-by: martin f. krafft <madd...@madduck.net>
---
 src/password-store.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/password-store.sh b/src/password-store.sh
index 1d119f2..ddb30f2 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -20,6 +20,10 @@ GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"
 CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:punct:][:alnum:]}"
 
CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}"
 
+unset GIT_DIR GIT_WORK_TREE GIT_NAMESPACE \
+  GIT_INDEX_FILE GIT_INDEX_VERSION \
+  GIT_OBJECT_DIRECTORY GIT_COMMON_DIR
+
 export GIT_CEILING_DIRECTORIES="$PREFIX/.."
 
 #
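Review bot: The `unset` added just above `export GIT_CEILING_DIRECTORIES` is a hard-coded list with no comment, so a later reader cannot tell why these seven names were chosen or notice when one is missing. Git reports its own set of repository-local variables through `git rev-parse --local-env-vars`, and that set includes names this list leaves set, for example GIT_ALTERNATE_OBJECT_DIRECTORIES. Consider supplementing the explicit list with `unset $(git rev-parse --local-env-vars)`, guarded for systems where git is not installed, and add a one-line comment saying the variables are cleared so that git only ever operates on the repository under $PREFIX.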
-- 
2.23.0.rc1

_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
