I recently came across a weird `.git/config` file against which this tool is totally vulnerable.

The command set as `fsmonitor` value gets executed when issuing several git commands, including the final `git checkout .` made by `git-dumper` to rebuild the worktree.

Here is a simple method to create such git-trap locally to test its behavior:

There are several other configuration variables that could be used to achieve similar results (`sshCommand`, `askPass`, `editor`, `pager` and there could be more).

Solve the problem

A way to protect ourselves from this kind of thing is to check the config file for dangerous configuration variables (which everyone should do manually anyways) and comment them automatically before running any `git` command.
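One way the mitigation proposed in the issue could look, as an added example that is not git-dumper's own code: it comments out the variables the issue names before any `git` command runs on a downloaded `.git/config`. The function name `sanitize_git_config`, the assumption that the named variables live in the `core` section, and the sample config are all constructed for illustration.

```python
import re

# Variables named in the issue (git matches these names case-insensitively).
# The issue says there could be more, so treat this set as a starting point.
DANGEROUS = {"core.fsmonitor", "core.sshcommand", "core.askpass",
             "core.editor", "core.pager"}

SECTION_RE = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"(?:[^"\\]|\\.)*")?\s*\]\s*(.*)$')
KEY_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*(?:[=#;].*)?$')

# Constructed sample config; the command value is a harmless placeholder.
SAMPLE = r'''[core]
    repositoryformatversion = 0
    FSMonitor = "echo constructed-sample \
        pager = less"
    bare = false
[CORE] sshCommand = echo constructed-sample
[remote "origin"]
    url = https://example.invalid/repo.git
'''

def sanitize_git_config(text):
    """Comment out DANGEROUS variables; return (sanitized_text, flagged_names)."""
    out, flagged = [], []
    section, carry = "", False  # carry: a neutralised value ended in a backslash
    for line in text.splitlines():
        if carry:
            # Continuation of a neutralised value: comment it as well, or git
            # would read it as a fresh "key = value" line.
            out.append("# " + line)
            carry = line.rstrip().endswith("\\")
            continue
        prefix, rest = "", line
        while (m := SECTION_RE.match(rest)):  # "[core] key = value" on one line
            section = m.group(1).lower()
            prefix, rest = prefix + rest[:m.start(2)], m.group(2)
        k = KEY_RE.match(rest)
        name = f"{section}.{k.group(1).lower()}" if k else None
        if name in DANGEROUS:
            flagged.append(name)
            out.append(prefix + "# " + rest)  # section header stays active
            carry = line.rstrip().endswith("\\")
        else:
            out.append(line)
    return "\n".join(out) + "\n", flagged

if __name__ == "__main__":
    cleaned, flagged = sanitize_git_config(SAMPLE)
    print(cleaned, flagged, sep="\n")
```

Every line is checked as a possible assignment unless it continues a value that was just commented out, so a benign line ending in a backslash cannot hide a dangerous key on the line after it.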