* Paul Wise <[email protected]>, 2018-02-09, 09:56:
Users might need to re-enable git-remote-ext for their own purposes, so this needs to be fixed in webcheckout.
How would you suggest doing that?

* Blacklist ext::
* Whitelist good remote protocols

For Git (>= 2.12), you can set GIT_PROTOCOL_FROM_USER=0 in environment. Quoting git(1): "this is useful [...] for programs which feed potentially-untrusted URLS to git commands".

If you want to support older versions of Git, I guess you should mimic what GIT_PROTOCOL_FROM_USER=0 does by default, i.e. whitelist known-good protocols.

How should it handle the bad remotes?

I think printing the whole suspicious URL would make sense.

webcheckout is also susceptible to option injection, but I couldn't find a way to exploit it for anything nefarious.
I made a patch for that locally, but I wanted the commit to link to the canonical document about option injection but I cannot find a link. IIRC it includes how to get RCE with tar/cpio/etc option injection. Do you remember where that can be found?

I haven't heard about it.

--
Jakub Wilk

Reply via email to