Co to jest safe.directory git ?
0
0
Bezpieczna ścieżka ( ͡° ͜ʖ ͡°)
0
A co mówi dokumentacja GIT'a?
0
co to ma wspólnego z Java?
2
Pewna kwestia związana z bezpieczeństwem.
This vulnerability affects users working on multi-user machines where a malicious actor could create a .git directory in a shared location above a victim’s current working directory. On Windows, for example, an attacker could create C:.git\config, which would cause all git invocations that occur outside of a repository to read its configured values.
Since some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command
execution when working on a shared machine.
The most effective way to protect against this vulnerability is to upgrade to Git v2.35.2. This version changes Git’s behavior when looking for a top-level .git directory to stop when its directory traversal changes ownership from the current user. (If you wish to make an exception to this behavior, you can use the new multi-valued safe.directory configuration).
https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765
https://weblog.west-wind.com/posts/2023/Jan/05/Fix-that-damn-Git-Unsafe-Repository