diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-16 13:26:40 +0200 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-05 15:37:07 +0100 |
commit | 7f3551dd686e2237490c17946335a675c4f59881 (patch) | |
tree | 00b0bb3ed0584501a3638e7eaaf28d29bc792cf6 /t/perf | |
parent | Merge branch 'prevent-name-squatting-on-windows' (diff) | |
parent | path: also guard `.gitmodules` against NTFS Alternate Data Streams (diff) | |
download | tgif-7f3551dd686e2237490c17946335a675c4f59881.tar.xz |
Merge branch 'disallow-dotgit-via-ntfs-alternate-data-streams'
This patch series plugs an attack vector we had overlooked in our
December 2014 work on `core.protectNTFS`.
Essentially, the path `.git::$INDEX_ALLOCATION/config` is interpreted as
`.git/config` when NTFS Alternate Data Streams are available (which they
are on Windows, and at least on network shares that are SMB-mounted on
macOS).
Needless to say: we don't want that.
In fact, we want to stay on the very safe side and not even special-case
the `$INDEX_ALLOCATION` stream type: let's just prevent Git from
touching _any_ explicitly specified Alternate Data Stream of `.git`.
In essence, we'll prevent Git from tracking, or writing to, any path
with a segment of the form `.git:<anything>`.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 't/perf')
0 files changed, 0 insertions, 0 deletions