vcs: gitconfig: don't execute arbitrary commands from embedded bare repositories

author Simon Ruderich <simon@ruderich.org>

Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)

committer Simon Ruderich <simon@ruderich.org>

Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)
author Simon Ruderich <simon@ruderich.org>
Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)
committer Simon Ruderich <simon@ruderich.org>
Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)
diff --git a/vcs/gitconfig.in b/vcs/gitconfig.in

index 7476a829397b259d6a28f8c15674c63ec66b1a01..9efa88498075b078b7cdbd84a85667574700419e 100644 (file)
--- a/vcs/gitconfig.in
+++ b/vcs/gitconfig.in
@@ -254,6 +254,11 @@
         # Sort tags as version numbers
         sort = version:refname
  
+[safe]
+       # Ignore embedded bare repositories to prevent executing arbitrary
+       # commands from untrusted repositories
+       bareRepository = explicit
+
  
  # NON-GIT SETTINGS
author	Simon Ruderich <simon@ruderich.org>
	Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)
committer	Simon Ruderich <simon@ruderich.org>
	Sun, 13 Aug 2023 07:52:31 +0000 (09:52 +0200)