diff options
author | Jeff King <peff@peff.net> | 2019-08-29 15:08:42 -0400 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-04 13:20:04 +0100 |
commit | a52ed76142f6e8d993bb4c50938a408966eb2b7c (patch) | |
tree | 9603df337bf43eec5d4998d44f5c3293661950d2 /Documentation | |
parent | fast-import: disallow "feature export-marks" by default (diff) | |
download | tgif-a52ed76142f6e8d993bb4c50938a408966eb2b7c.tar.xz |
fast-import: disallow "feature import-marks" by default
As with export-marks in the previous commit, import-marks can access the
filesystem. This is significantly less dangerous than export-marks
because it only involves reading from arbitrary paths, rather than
writing them. However, it could still be surprising and have security
implications (e.g., exfiltrating data from a service that accepts
fast-import streams).
Let's lump it (and its "if-exists" counterpart) in with export-marks,
and enable the in-stream version only if --allow-unsafe-features is set.
Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/git-fast-import.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Documentation/git-fast-import.txt b/Documentation/git-fast-import.txt index fbb3f914f2..ff71fc2962 100644 --- a/Documentation/git-fast-import.txt +++ b/Documentation/git-fast-import.txt @@ -57,7 +57,8 @@ OPTIONS allowing fast-import to access the filesystem outside of the repository). These options are disabled by default, but can be allowed by providing this option on the command line. This - currently impacts only the `feature export-marks` command. + currently impacts only the `export-marks`, `import-marks`, and + `import-marks-if-exists` feature commands. + Only enable this option if you trust the program generating the fast-import stream! This option is enabled automatically for |