Jeff King wrote:
> All of that said, I think the current code is quite dangerous already,
> and maybe even broken. upload-pack may run sub-commands like rev-list
> or pack-objects, which are themselves builtins.
Sounds like more commands to set the IGNORE_PAGER_CONFIG flag for in
Thanks for looking this over thoughtfully.
> I couldn't quite get it to work, but I think it's because I'm doing
> something wrong with the submodules. But I also think this attack would
> _have_ to be done over ssh, because on a local system the submodule
> clone would be a hard-link rather than a real fetch.
What happens if the submodule URL starts with file://?