From 3138bd7b544741e53192553e530186133f6b5847 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 13 Aug 2023 09:52:31 +0200 Subject: [PATCH] vcs: gitconfig: don't execute arbitrary commands from embedded bare repositories --- vcs/gitconfig.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vcs/gitconfig.in b/vcs/gitconfig.in index 7476a82..9efa884 100644 --- a/vcs/gitconfig.in +++ b/vcs/gitconfig.in @@ -254,6 +254,11 @@ # Sort tags as version numbers sort = version:refname +[safe] + # Ignore embedded bare repositories to prevent executing arbitrary + # commands from untrusted repositories + bareRepository = explicit + # NON-GIT SETTINGS -- 2.45.2