back to article Git for Windows issues update to fix running-someone-else’s-code vuln

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. A variety of releases were emitted by the team. These include the latest maintenance release, 2.35.2, along with updates for older maintenance tracks (v2.30.3, v2.31.2, v2.32.1, v2.33.2 …

  1. sabroni Silver badge
    Trollface

    I guess this is what happens

    when linux devs get access to a slightly more sophisticated permissions system?

  2. david 12 Silver badge

    Since some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command execution when working on a shared machine.”

    Git runs arbitrary commands from arbitrary locations.

    Yes, it you want per-user config, it should be stored in protected per-user storage, and it you want arbitrary commands, they should be in trusted locations,

    In a properly configured native program, the trusted locations would also be configured in trusted per-user storage. But the world does seem to be drifting away from properly configured multi-user PCs: most of my users consider 'sharing a PC' to be on a level with 'sharing a toothbrush' or 'sharing underwear'.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022