So once upon a time we compared Git's security model with a
web browser. A web browser lets you execute 3rd party code
(e.g. JavaScript) and it is supposedly safe to look at malicious sites.
Currently Git only promises to have the clone/fetch operation safe,
not the "here is a zip of my whole
On Mon, Oct 02, 2017 at 04:45:17PM -0700, Jonathan Nieder wrote:
> This topic has been mentioned on this mailing list before but I had
> trouble finding a relevant reference. Links welcome.
There were discussions long ago related to the upload-pack hook. One of
the proposed fixes was checking
Hi,
On Tue, Oct 3, 2017 at 1:45 AM, Jonathan Nieder wrote:
> Proposed fix: because of case (1), I would like a way to tell Git to
> stop trusting any files in .git. That is:
>
> 1. Introduce a (configurable) list of "safe" configuration items that
> can be set in
Jonathan Nieder writes:
> Proposed fix: because of case (1), I would like a way to tell Git to
> stop trusting any files in .git. That is:
>
> 1. Introduce a (configurable) list of "safe" configuration items that
> can be set in .git/config and don't respect any others.
Hi,
This topic has been mentioned on this mailing list before but I had
trouble finding a relevant reference. Links welcome.
Suppose that I add the following to .git/config in a repository on a
shared computer:
[pager]
	log = rm -fr /
	fsck = rm -fr /
5 matches