Sign in / up

back to article Git for Windows issues update to fix running-someone-else’s-code vuln

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. A variety of releases were emitted by the team. These include the latest maintenance release, 2.35.2, along with updates for older maintenance tracks (v2.30.3, v2.31.2, v2.32.1, v2.33.2 …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. sabroni Silver badge
    Trollface

    I guess this is what happens

    when linux devs get access to a slightly more sophisticated permissions system?

    0 0 Reply
  2. david 12 Silver badge

    Since some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command execution when working on a shared machine.”

    Git runs arbitrary commands from arbitrary locations.

    Yes, it you want per-user config, it should be stored in protected per-user storage, and it you want arbitrary commands, they should be in trusted locations,

    In a properly configured native program, the trusted locations would also be configured in trusted per-user storage. But the world does seem to be drifting away from properly configured multi-user PCs: most of my users consider 'sharing a PC' to be on a level with 'sharing a toothbrush' or 'sharing underwear'.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like