
What is a scenario where you’d be running git in the subdirectory of one owned by a malicious user? Unless a machine is badly configured and administrated, when would one user ever have authority of ownership over /home or /opt or /? And if they have sudo privileges well then they have the authority to do whatever they want. Is this only an issue because of some Windows idiom? I’m somewhat dubious.


I can think of shell prompt plus exploring /tmp, but the fix for this “vuln” doesn't address that issue and seems to be more of a problem with a prompt that automatically runs git in every directory.



