author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-13 00:28:19 +0200 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-19 12:38:32 +0200 |
commit | 9e65df5eab274bf74c7b570107aacd1303a1e703 (patch) | |
tree | dcb37ff85f47139aba0a39b166feda0a4dd87497 /builtin/commit.c | |
parent | 2b3d38a6b12ffc949c98eaacd67e8e383c847529 (diff) | |
parent | 1204e1a824c34071019fe106348eaa6d88f9528d (diff) |
Merge branch 'ownership-checks-in-local-clones'

This topic addresses two CVEs:

- CVE-2024-32020:

  Local clones may end up hardlinking files into the target repository's
  object database when source and target repository reside on the same
  disk. If the source repository is owned by a different user, then
  those hardlinked files may be rewritten at any point in time by the
  untrusted user.

- CVE-2024-32021:

  When cloning a local source repository that contains symlinks via the
  filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/
  directory.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'builtin/commit.c')
0 files changed, 0 insertions, 0 deletions
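
The two conditions named in the commit message can be audited on disk. The following is an added example, not code from Git or from this merge: it walks an `objects/` directory and reports symlinked entries (the CVE-2024-32021 precondition in a source repository), entries owned by another user, and regular files whose inode is shared with another path (the CVE-2024-32020 exposure in a target repository). The function names, finding labels and sample layout are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_objects(objects_dir, trusted_uid=None):
    """Return sorted (relative_path, finding) pairs for one objects/ directory."""
    if trusted_uid is None:
        trusted_uid = os.getuid()
    findings = []
    # os.walk does not descend into symlinked directories by default.
    for root, dirs, files in os.walk(objects_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, objects_dir)
            st = os.lstat(path)  # lstat: inspect the entry itself, never its target
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink"))  # CVE-2024-32021 precondition
                continue
            if st.st_uid != trusted_uid:
                findings.append((rel, "foreign-owner"))
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                # Another path shares this inode (CVE-2024-32020 exposure).
                findings.append((rel, "hardlinked"))
    return sorted(findings)


def build_sample(tmp):
    """Constructed layout: a source objects/ dir and a target that hardlinks into it."""
    src = os.path.join(tmp, "src", "objects")
    dst = os.path.join(tmp, "dst", "objects")
    os.makedirs(os.path.join(src, "ab"))
    os.makedirs(os.path.join(dst, "ab"))
    outside = os.path.join(tmp, "outside.txt")
    for path in (outside, os.path.join(src, "ab", "cd01"), os.path.join(dst, "ab", "9999")):
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
    os.symlink(outside, os.path.join(src, "ab", "ef02"))
    os.link(os.path.join(src, "ab", "cd01"), os.path.join(dst, "ab", "cd01"))
    return src, dst


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = build_sample(tmp)
        for label, directory in (("source", src), ("target", dst)):
            for rel, finding in audit_objects(directory):
                print(f"{label}: {rel}: {finding}")
```

A `hardlinked` finding only shows that another path shares the inode; it matters when that other path sits in a repository owned by a different user, which is the situation the commit message describes.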