Thread: 329 messages, 12 authors, 2018-03-14

Re: [PATCH v3 04/35] upload-pack: convert to a builtin

From: Jonathan Nieder <hidden>
Date: 2018-02-22 22:42:43

Jeff King wrote:
> All of that said, I think the current code is quite dangerous already,
> and maybe even broken.  upload-pack may run sub-commands like rev-list
> or pack-objects, which are themselves builtins.

Sounds like more commands to set the IGNORE_PAGER_CONFIG flag for in
git.c.

Thanks for looking this over thoughtfully.

[...]
> I couldn't quite get it to work, but I think it's because I'm doing
> something wrong with the submodules. But I also think this attack would
> _have_ to be done over ssh, because on a local system the submodule
> clone would be a hard-link rather than a real fetch.

What happens if the submodule URL starts with file://?

Thanks,
Jonathan