On Fri, 7 Oct 2016 18:27:12 +0200 Jakub Wilk wrote: > $ webcheckout /path/to/badgit.html > git clone ext::sh -c cowsay% pwned% >% /dev/tty
I consider this particular attack to be a bug in git and the git authors seem to agree with me because it is blocked in sid. Do you think this should be fixed in git or in webcheckout or both? $ webcheckout ./badgit.html git clone -- ext::sh -c cowsay% pwned% >% /dev/tty Cloning into 'tty'... fatal: transport 'ext' not allowed failed to checkout ext::sh -c cowsay% pwned% >% /dev/tty $ grep -riA6 git-remote-ext /usr/share/doc/git/RelNotes/ | head -n6 /usr/share/doc/git/RelNotes/2.4.10.txt: * Some protocols (like git-remote-ext) can execute arbitrary code /usr/share/doc/git/RelNotes/2.4.10.txt- found in the URL. The URLs that submodules use may come from /usr/share/doc/git/RelNotes/2.4.10.txt- arbitrary sources (e.g., .gitmodules files in a remote /usr/share/doc/git/RelNotes/2.4.10.txt- repository), and can hurt those who blindly enable recursive /usr/share/doc/git/RelNotes/2.4.10.txt- fetch. Restrict the allowed protocols to well known and safe /usr/share/doc/git/RelNotes/2.4.10.txt- ones. -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part