| commit | bb92255ebe6bccd76227e023d6d0bc997e318ad0 | |
| author | Jonathan Nieder <jrnieder@gmail.com> | |
| Thu, 5 Dec 2019 09:30:43 +0000 (5 01:30 -0800) | ||
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | |
| Fri, 6 Dec 2019 15:27:38 +0000 (6 16:27 +0100) | ||
| tree | d506e15c7903457a57677942a619c07e36e0509e | treesnapshot (tar.gz zip) |
| parent | bdfef0492cada3fb36f454804796bf12c79a7136 | commitdiff |
fsck: reject submodule.update = !command in .gitmodules
This allows hosting providers to detect whether they are being used
to attack users using malicious 'update = !command' settings in
.gitmodules.
Since ac1fbbda2013 (submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), in normal cases such settings have been
treated as 'update = none', so forbidding them should not produce any
collateral damage to legitimate uses. A quick search does not reveal
any repositories making use of this construct, either.
Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This allows hosting providers to detect whether they are being used
to attack users using malicious 'update = !command' settings in
.gitmodules.
Since ac1fbbda2013 (submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), in normal cases such settings have been
treated as 'update = none', so forbidding them should not produce any
collateral damage to legitimate uses. A quick search does not reveal
any repositories making use of this construct, either.
Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
| fsck.c | diffblobblamehistory | |
| t/t7406-submodule-update.sh | diffblobblamehistory |