On 03/09/2014 10:57 PM, Julian Brost wrote:
> On 07.03.2014 22:04, Jeff King wrote:
>> Yes, this is a well-known issue. The only safe operation on a
>> repository for which somebody else controls hooks and config is to
>> fetch from it (upload-pack on the remote repository does not
>> respect any dangerous co
Julian Brost writes:
> On 07.03.2014 22:04, Jeff King wrote:
>>
>> If you want to work on it, I think it's an interesting area. But
>> any development would need to think about the transition plan for
>> existing sites that will be broken.
>
> I can understand the problem with backward compatibi
On 07.03.2014 22:04, Jeff King wrote:
> Yes, this is a well-known issue. The only safe operation on a
> repository for which somebody else controls hooks and config is to
> fetch from it (upload-pack on the remote repository does not
> respect any da
On Thu, Mar 06, 2014 at 10:47:43PM +0100, Julian Brost wrote:
> I've noticed some behavior of git that might lead to some security
> issues if the user is not aware of this.
>
> Assume we have an evil user on a system, let's call him eve. He
> prepares a repository where he allows other users to p
Hi,
I've noticed some behavior of git that might lead to some security
issues if the user is not aware of this.
Assume we have an evil user on a system, let's call him eve. He
prepares a repository where he allows other users to push changes to.
If
5 matches