
Even after reading the full disclosure link, I'm pretty surprised to learn that a security boundary was intended here. I thought it was common knowledge that git did an uncontrolled search up the filesystem for a .git file, and it would never have occurred to me to run git on a machine where people I don't trust have write access.


I was vaguely aware that git would search for .git directories. I had no idea that "git status" would run commands from such a directory.
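The upward search both comments refer to can be audited before running git in a shared location. The following is an added example, not part of the thread and not git's own code: a simplified model of the parent-directory walk that reports whether the `.git` entry that would be picked up belongs to another user. The function names and the `ceilings` parameter (modelled on git's `GIT_CEILING_DIRECTORIES` setting) are assumptions made for this illustration.

```python
import os
from pathlib import Path


def discover_git(start, ceilings=()):
    """Return the first '.git' entry found walking from start toward the
    filesystem root, or None. Simplified model: it ignores GIT_DIR, bare
    repositories and filesystem-boundary rules."""
    ceilings = {Path(c).resolve() for c in ceilings}
    start = Path(start).resolve()
    for directory in (start, *start.parents):
        # A ceiling directory stops the walk before it is examined,
        # unless it is the starting directory itself.
        if directory != start and directory in ceilings:
            return None
        candidate = directory / ".git"
        if candidate.exists():
            return candidate
    return None


def audit(start, trusted_uid=None, ceilings=()):
    """Report which '.git' would be used from start and whether it is
    owned by someone other than trusted_uid (default: current user)."""
    trusted_uid = os.getuid() if trusted_uid is None else trusted_uid
    found = discover_git(start, ceilings)
    if found is None:
        return {"git": None, "owner": None, "foreign": False}
    owner = found.lstat().st_uid  # lstat: do not follow a symlinked .git
    return {"git": found, "owner": owner, "foreign": owner != trusted_uid}


if __name__ == "__main__":
    # Audit the current working directory.
    print(audit(os.getcwd()))
```

A result with `foreign` set to true means the working directory sits under a repository controlled by another account, which is the situation the first comment describes avoiding.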



