diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-05-20 20:22:03 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-05-21 12:33:08 -0700 |
| commit | c8f64781c8b3d44ecb57d14fbffcdbf063583812 (patch) | |
| tree | d59d36df1e6bce63313093664b19f8f2e028ab16 /builtin/commit-graph.c | |
| parent | 75631a3cd84887657c634a35d1095f4a0884e48a (diff) | |
tests: verify that `clone -c core.hooksPath=/dev/null` works again
As part of the protections added in Git v2.45.1 and friends,
repository-local `core.hooksPath` settings are no longer allowed, as a
defense-in-depth mechanism to prevent future Git vulnerabilities to
raise to critical level if those vulnerabilities inadvertently allow the
repository-local config to be written.
What the added protection did not anticipate is that such a
repository-local `core.hooksPath` can not only be used to point to
maliciously-placed scripts in the current worktree, but also to
_prevent_ hooks from being called altogether.
We just reverted the `core.hooksPath` protections, based on the Git
maintainer's recommendation in
https://lore.kernel.org/git/xmqq4jaxvm8z.fsf@gitster.g/ to address this
concern as well as related ones. Let's make sure that we won't regress
while trying to protect the clone operation further.
Reported-by: Brooke Kuhlmann <brooke@alchemists.io>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/commit-graph.c')
0 files changed, 0 insertions, 0 deletions