On Wed, Mar 20, 2013 at 12:48:06PM -0400, Jeff King wrote:
> Kind of gross, but I guess it is useful to some people.

Yes it is. The questions is if it's gross enough to never
leave my computer, or if someone else can find this useful.

> > +__git_recursive_stat ()
> > +{
> > +   if test ! -e /tmp/gitbash.lock
> > +   then
> > +           touch /tmp/gitbash.lock
> This is a tmp-race security hole. E.g., do:
>   ln -s /etc/nologin /tmp/gitbash.lock
> as a user; when root runs __git_recursive_stat, it will create
> /etc/nologin. It's not quite as bad as some other holes, because we only
> "touch" the file, not overwrite its contents, but you can see that it's
> possible to do some mischief.
> Should this maybe just be ~/.gitbash.lock or something?

Thank you! I totally missed that.

I guess a new solution would be to keep an access time-stamp in each
repository and with certain intervall run git status on that repository.

Med vänliga hälsningar
Fredrik Gustafsson

tel: 0733-608274
e-post: iv...@iveqy.com
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to