git-commit-vandalism/Documentation
Jonathan Nieder e904deb89d submodule: reject submodule.update = !command in .gitmodules
Since ac1fbbda20 (submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), Git has been careful to avoid copying

	[submodule "foo"]
		update = !run an arbitrary scary command

from .gitmodules to a repository's local config, copying in the
setting 'update = none' instead.  The gitmodules(5) manpage documents
the intention:

	The !command form is intentionally ignored here for security
	reasons

Unfortunately, starting with v2.20.0-rc0 (which integrated ee69b2a9
(submodule--helper: introduce new update-module-mode helper,
2018-08-13, first released in v2.20.0-rc0)), there are scenarios where
we *don't* ignore it: if the config store contains no
submodule.foo.update setting, the submodule-config API falls back to
reading .gitmodules and the repository-supplied !command gets run
after all.

This was part of a general change over time in submodule support to
read more directly from .gitmodules, since unlike .git/config it
allows a project to change values between branches and over time
(while still allowing .git/config to override things).  But it was
never intended to apply to this kind of dangerous configuration.

The behavior change was not advertised in ee69b2a9's commit message
and was missed in review.

Let's take the opportunity to make the protection more robust, even in
Git versions that are technically not affected: instead of quietly
converting 'update = !command' to 'update = none', noisily treat it as
an error.  Allowing the setting but treating it as meaning something
else was just confusing; users are better served by seeing the error
sooner.  Forbidding the construct makes the semantics simpler and
means we can check for it in fsck (in a separate patch).

As a result, the submodule-config API cannot read this value from
.gitmodules under any circumstance, and we can declare with confidence

	For security reasons, the '!command' form is not accepted
	here.

Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
2019-12-06 16:26:58 +01:00
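A repository-side check for the construct the commit message above describes, as an added example (not code from Git or from this commit): a simplified reader of the .gitmodules syntax that reports every submodule section whose update value uses the !command form. The function name, the sample file contents and the URL are constructed for illustration; the parser only approximates Git's config grammar (quoted subsection headers, comments, quoted values, backslash continuations).

```python
import re

# [submodule "name"]: the section name is case-insensitive, the subsection is not.
HEADER = re.compile(r'^\s*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]\s*(.*)$', re.I)
ANY_HEADER = re.compile(r'^\s*\[[^\]]*\]\s*(.*)$')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def find_command_updates(gitmodules_text):
    """Return [(submodule_name, raw_value)] for each 'update = !command'."""
    findings = []
    current = None  # submodule section we are inside, or None
    # Join backslash-newline continuations so a split value is seen whole.
    for line in gitmodules_text.replace("\\\n", "").splitlines():
        m = HEADER.match(line)
        if m:
            current, line = m.group(1), m.group(2)
        else:
            other = ANY_HEADER.match(line)
            if other:  # some non-submodule section starts here
                current, line = None, other.group(1)
        if current is None or line.lstrip().startswith(("#", ";")):
            continue
        kv = KEYVAL.match(line)
        if not kv or kv.group(1).lower() != "update":  # keys are case-insensitive
            continue
        raw = kv.group(2).strip()
        value = raw[1:] if raw.startswith('"') else raw  # drop an opening quote
        if value.startswith("!"):
            findings.append((current, raw))
    return findings


# Constructed sample input; the "foo" entry reuses the commit message's example.
SAMPLE = '''\
[submodule "lib"]
    path = lib
    url = https://example.invalid/lib.git
    update = rebase
[submodule "foo"]
    path = foo
    update = !run an arbitrary scary command
[submodule "bar"]
    # update = !commented out
    UPDATE = "!quoted form"
[core]
    update = !not a submodule section
'''

if __name__ == "__main__":
    for name, value in find_command_updates(SAMPLE):
        print(f"submodule.{name}.update uses the !command form: {value}")
```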
howto doc: use https links to avoid http redirect 2017-04-20 22:05:37 -07:00
RelNotes Sync with 2.14.6 2019-12-06 16:26:55 +01:00
technical Merge branch 'hn/string-list-doc' 2017-10-11 14:52:22 +09:00
.gitattributes
.gitignore Documentation: convert SubmittingPatches to AsciiDoc 2017-11-13 13:25:19 +09:00
asciidoc.conf
asciidoctor-extensions.rb Documentation: implement linkgit macro for Asciidoctor 2017-01-31 12:18:18 -08:00
blame-options.txt Merge branch 'bc/blame-doc-fix' 2017-02-24 10:48:08 -08:00
build-docdep.perl
cat-texi.perl Documentation: remove unneeded argument in cat-texi.perl 2017-01-23 10:56:47 -08:00
cmd-list.perl
CodingGuidelines Merge branch 'ab/c-translators-comment-style' into maint 2017-06-05 09:03:10 +09:00
config.txt Merge branch 'sb/blame-config-doc' into maint 2017-11-15 12:04:59 +09:00
date-formats.txt Merge branch 'lr/doc-fix-cet' into maint 2017-01-17 15:19:08 -08:00
diff-config.txt doc: add missing values "none" and "default" for diff.wsErrorHighlight 2017-07-25 14:30:49 -07:00
diff-format.txt Documentation: improve description for core.quotePath 2017-03-02 11:40:51 -08:00
diff-generate-patch.txt Documentation: improve description for core.quotePath 2017-03-02 11:40:51 -08:00
diff-options.txt Merge branch 'cn/diff-indent-no-longer-is-experimental' into maint 2017-11-15 12:05:04 +09:00
docbook-xsl.css
docbook.xsl Documentation: set a !DOCTYPE for user manual 2010-08-20 10:53:56 -07:00
everyday.txto Documentation: fix linkgit references 2016-05-09 15:44:14 -07:00
fetch-options.txt Merge branch 'nd/shallow-deepen' 2016-10-10 14:03:50 -07:00
fix-texi.perl
fmt-merge-msg-config.txt
git-add.txt Merge branch 'mr/doc-negative-pathspec' into maint 2017-10-18 14:19:12 +09:00
git-am.txt Merge branch 'mm/doc-tt' 2016-07-13 11:24:14 -07:00
git-annotate.txt diff: --indent-heuristic is no longer experimental 2017-11-02 14:51:24 +09:00
git-apply.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-archimport.txt docs/archimport: quote sourcecontrol.net reference 2017-04-20 22:05:38 -07:00
git-archive.txt
git-bisect-lk2009.txt doc: replace more gmane links 2017-05-09 21:13:13 -07:00
git-bisect.txt git-bisect.txt: add missing word 2017-04-01 11:35:45 -07:00
git-blame.txt diff: --indent-heuristic is no longer experimental 2017-11-02 14:51:24 +09:00
git-branch.txt Merge branch 'jc/branch-force-doc-readability-fix' 2017-10-19 14:45:45 +09:00
git-bundle.txt
git-cat-file.txt doc: fix minor typos (extra/duplicated words) 2017-09-14 15:09:02 +09:00
git-check-attr.txt usage: do not insist that standard input must come from a file 2015-10-16 15:27:52 -07:00
git-check-ignore.txt Documentation: fix linkgit references 2016-05-09 15:44:14 -07:00
git-check-mailmap.txt
git-check-ref-format.txt check-ref-format doc: --branch validates and expands <branch> 2017-10-18 08:01:48 +09:00
git-checkout-index.txt
git-checkout.txt Merge branch 'jc/doc-checkout' into maint 2017-10-18 14:19:14 +09:00
git-cherry-pick.txt Merge branch 'mm/doc-tt' into maint 2016-07-28 11:25:54 -07:00
git-cherry.txt
git-citool.txt
git-clean.txt doc: typeset short command-line options as literal 2016-06-28 08:20:52 -07:00
git-clone.txt clone: add a --no-tags option to clone without tags 2017-05-01 11:09:44 +09:00
git-column.txt
git-commit-tree.txt Merge branch 'mm/doc-tt' into maint 2016-07-28 11:25:54 -07:00
git-commit.txt doc: reformat the paragraph containing the 'cut-line' 2017-07-18 15:04:49 -07:00
git-config.txt config doc: clarify "git config --path" example 2017-10-19 13:52:49 +09:00
git-count-objects.txt count-objects: report alternates via verbose mode 2016-10-10 13:52:37 -07:00
git-credential-cache--daemon.txt
git-credential-cache.txt credential-cache: use XDG_CACHE_HOME for socket 2017-03-17 11:19:40 -07:00
git-credential-store.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-credential.txt Documentation: make AsciiDoc links always point to HTML files 2013-09-06 14:49:06 -07:00
git-cvsexportcommit.txt
git-cvsimport.txt Merge branch 'jk/doc-cvs-update' into maint 2016-10-03 13:22:25 -07:00
git-cvsserver.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-daemon.txt doc: typeset HEAD and variants as literal 2016-06-28 08:36:45 -07:00
git-describe.txt describe: teach --match to handle branches and remotes 2017-09-20 13:30:10 +09:00
git-diff-files.txt
git-diff-index.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-diff-tree.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-diff.txt diff-files: document --ours etc. 2017-04-13 16:15:25 -07:00
git-difftool.txt Document the --no-gui option in difftool 2017-02-08 13:30:28 -08:00
git-fast-export.txt
git-fast-import.txt fast-import: disallow "feature import-marks" by default 2019-12-04 13:20:04 +01:00
git-fetch-pack.txt upload-pack: optionally allow fetching any sha1 2016-11-18 13:06:14 -08:00
git-fetch.txt Merge branch 'mm/push-social-engineering-attack-doc' 2017-01-10 15:24:24 -08:00
git-filter-branch.txt Merge branch 'dg/filter-branch-filter-order-doc' 2017-10-19 14:45:45 +09:00
git-fmt-merge-msg.txt Documentation/fmt-merge-msg: fix markup in example 2016-10-28 05:51:51 -07:00
git-for-each-ref.txt Merge branch 'jk/ref-filter-colors-fix' into maint 2017-10-18 14:20:43 +09:00
git-format-patch.txt format-patch: have progress option while generating patches 2017-08-14 14:09:45 -07:00
git-fsck-objects.txt
git-fsck.txt fsck: optionally show more helpful info for broken links 2016-07-18 15:15:59 -07:00
git-gc.txt docs/git-gc: fix default value for --aggressiveDepth 2017-02-24 09:59:12 -08:00
git-get-tar-commit-id.txt
git-grep.txt Merge branch 'mr/doc-negative-pathspec' into maint 2017-10-18 14:19:12 +09:00
git-gui.txt doc: git-gui browser does not default to HEAD 2017-01-13 12:23:28 -08:00
git-hash-object.txt
git-help.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-http-backend.txt doc: more consistency in environment variables format 2016-06-08 12:04:37 -07:00
git-http-fetch.txt
git-http-push.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-imap-send.txt
git-index-pack.txt index-pack: add --max-input-size=<size> option 2016-08-24 12:31:05 -07:00
git-init-db.txt
git-init.txt init: document dotfiles exclusion on template copy 2017-02-17 15:57:21 -08:00
git-instaweb.txt doc: change configuration variables format 2016-06-08 12:04:55 -07:00
git-interpret-trailers.txt Merge branch 'jk/trailers-parse' 2017-08-26 22:55:04 -07:00
git-log.txt Merge branch 'mj/log-show-signature-conf' 2016-07-11 10:31:08 -07:00
git-ls-files.txt Merge branch 'mm/ls-files-s-doc' 2017-04-16 23:29:30 -07:00
git-ls-remote.txt
git-ls-tree.txt Documentation: improve description for core.quotePath 2017-03-02 11:40:51 -08:00
git-mailinfo.txt Merge branch 'va/mailinfo-doc-typofix' into maint 2016-05-26 13:17:14 -07:00
git-mailsplit.txt mailsplit: support unescaping mboxrd messages 2016-06-06 11:14:43 -07:00
git-merge-base.txt merge-base --fork-point doc: clarify the example and failure modes 2017-11-09 12:28:30 +09:00
git-merge-file.txt
git-merge-index.txt
git-merge-one-file.txt
git-merge-tree.txt
git-merge.txt Merge branch 'wk/merge-options-gpg-sign-doc' 2017-10-19 14:45:43 +09:00
git-mergetool--lib.txt
git-mergetool.txt mergetool: honor -O<orderfile> 2016-10-11 10:04:31 -07:00
git-mktag.txt
git-mktree.txt doc: typeset short command-line options as literal 2016-06-28 08:20:52 -07:00
git-mv.txt doc: typeset short command-line options as literal 2016-06-28 08:20:52 -07:00
git-name-rev.txt name-rev: add support to exclude refs by pattern match 2017-01-23 18:33:17 -08:00
git-notes.txt doc: fix minor typos (extra/duplicated words) 2017-09-14 15:09:02 +09:00
git-p4.txt Merge branch 'ls/p4-retry-thrice' 2017-01-18 15:12:12 -08:00
git-pack-objects.txt Doc: clarify that pack-objects makes packs, plural 2017-08-23 10:39:41 -07:00
git-pack-redundant.txt
git-pack-refs.txt
git-parse-remote.txt
git-patch-id.txt doc: remove unsupported parameter from patch-id 2017-07-28 14:41:32 -07:00
git-prune-packed.txt
git-prune.txt
git-pull.txt Merge branch 'sb/pull-rebase-submodule' 2017-07-13 16:14:54 -07:00
git-push.txt Merge branch 'ma/parse-maybe-bool' 2017-08-22 10:29:03 -07:00
git-quiltimport.txt doc: more consistency in environment variables format 2016-06-08 12:04:37 -07:00
git-read-tree.txt Merge branch 'jk/doc-read-tree-table-asciidoctor-fix' into maint 2017-10-18 14:19:11 +09:00
git-rebase.txt Merge branch 'js/rebase-i-final' 2017-10-03 15:42:47 +09:00
git-receive-pack.txt refs: reject ref updates while GIT_QUARANTINE_PATH is set 2017-04-16 18:19:18 -07:00
git-reflog.txt
git-remote-ext.txt
git-remote-fd.txt Spelling fixes 2016-08-11 14:35:42 -07:00
git-remote-helpers.txto
git-remote-testgit.txt
git-remote.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-repack.txt repack: accept --threads=<n> and pass it down to pack-objects 2017-04-27 08:09:25 +09:00
git-replace.txt doc: change environment variables format 2016-06-08 12:04:37 -07:00
git-request-pull.txt
git-rerere.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-reset.txt Spelling fixes 2017-06-27 10:35:49 -07:00
git-rev-list.txt
git-rev-parse.txt Merge branch 'sb/rev-parse-show-superproject-root' 2017-10-28 10:18:40 +09:00
git-revert.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-rm.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-send-email.txt Merge branch 'xz/send-email-batch-size' 2017-07-06 18:14:46 -07:00
git-send-pack.txt Merge branch 'ma/parse-maybe-bool' 2017-08-22 10:29:03 -07:00
git-sh-i18n--envsubst.txt
git-sh-i18n.txt
git-sh-setup.txt doc: more consistency in environment variables format 2016-06-08 12:04:37 -07:00
git-shell.txt shell: drop git-cvsserver support by default 2017-09-12 11:05:58 +09:00
git-shortlog.txt shortlog: test and document --committer option 2016-12-16 09:39:10 -08:00
git-show-branch.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-show-index.txt
git-show-ref.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-show.txt
git-stage.txt
git-stash.txt stash: update documentation to use 'stash entry' 2017-06-18 22:16:36 -07:00
git-status.txt Merge branch 'mr/doc-negative-pathspec' into maint 2017-10-18 14:19:12 +09:00
git-stripspace.txt
git-submodule.txt Merge branch 'sb/submodule-doc' 2017-07-12 15:18:21 -07:00
git-svn.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
git-symbolic-ref.txt
git-tag.txt Merge branch 'jk/ref-filter-colors-fix' into maint 2017-10-18 14:20:43 +09:00
git-tools.txt doc: replace or.cz gitwiki link with git.wiki.kernel.org 2017-04-20 22:05:37 -07:00
git-unpack-file.txt
git-unpack-objects.txt unpack-objects: add --max-input-size=<size> option 2016-08-24 12:31:05 -07:00
git-update-index.txt Merge branch 'ez/doc-duplicated-words-fix' 2017-09-25 15:24:06 +09:00
git-update-ref.txt
git-update-server-info.txt
git-upload-archive.txt
git-upload-pack.txt upload-pack.c: use parse-options API 2016-05-31 10:17:20 -07:00
git-var.txt
git-verify-commit.txt Merge branch 'dn/gpg-doc' into maint 2016-07-06 13:06:36 -07:00
git-verify-pack.txt
git-verify-tag.txt builtin/verify-tag: add --format to verify-tag 2017-01-17 16:10:22 -08:00
git-web--browse.txt doc: typeset long command-line options as literal 2016-06-28 08:36:45 -07:00
git-whatchanged.txt
git-worktree.txt worktree add: add --lock option 2017-04-20 17:59:02 -07:00
git-write-tree.txt
git.txt mingw: document the standard handle redirection 2017-11-02 11:19:44 +09:00
gitattributes.txt Documentation: mention that eol can change the dirty status of paths 2017-09-07 08:57:54 +09:00
gitcli.txt stash: update documentation to use 'stash entry' 2017-06-18 22:16:36 -07:00
gitcore-tutorial.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
gitcredentials.txt credential doc: make multiple-helper behavior more prominent 2017-05-02 10:58:06 +09:00
gitcvs-migration.txt Merge branch 'sb/doc-unify-bottom' 2017-02-15 12:54:20 -08:00
gitdiffcore.txt docs/diffcore: unquote "Complete Rewrites" in headers 2017-02-28 11:34:38 -08:00
giteveryday.txt giteveryday: unbreak rendering with AsciiDoctor 2017-01-07 14:03:40 -08:00
gitglossary.txt Documentation: unify bottom "part of git suite" lines 2017-02-09 15:14:01 -08:00
githooks.txt Merge branch 'sb/merge-commit-msg-hook' 2017-09-29 11:23:42 +09:00
gitignore.txt doc: change configuration variables format 2016-06-08 12:04:55 -07:00
gitk.txt Merge branch 'sb/remove-gitview' 2017-01-18 15:12:18 -08:00
gitmodules.txt submodule: reject submodule.update = !command in .gitmodules 2019-12-06 16:26:58 +01:00
gitnamespaces.txt doc: mention transfer data leaks in more places 2016-11-14 11:23:07 -08:00
gitremote-helpers.txt fix minor typos 2017-05-01 11:01:52 +09:00
gitrepository-layout.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
gitrevisions.txt doc: gitrevisions - clarify 'latter case' is revision walk 2016-08-13 19:36:44 -07:00
gitsubmodules.txt submodules: overhaul documentation 2017-06-22 15:25:25 -07:00
gittutorial-2.txt Documentation: unify bottom "part of git suite" lines 2017-02-09 15:14:01 -08:00
gittutorial.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00
gitweb.conf.txt doc: use https links to avoid http redirect 2017-04-20 22:05:37 -07:00
gitweb.txt doc: use https links to Wikipedia to avoid http redirects 2017-05-15 13:04:54 +09:00
gitworkflows.txt Documentation: unify bottom "part of git suite" lines 2017-02-09 15:14:01 -08:00
glossary-content.txt Merge branch 'mr/doc-negative-pathspec' into maint 2017-10-18 14:19:12 +09:00
howto-index.sh
i18n.txt doc: camelCase the i18n config variables to improve readability 2017-07-17 15:11:26 -07:00
install-doc-quick.sh
install-webdoc.sh
line-range-format.txt
lint-gitlink.perl ci: validate "linkgit:" in documentation 2016-05-10 11:15:04 -07:00
mailmap.txt Merge branch 'jk/mailmap-from-blob' 2013-01-05 23:41:42 -08:00
Makefile Documentation: convert SubmittingPatches to AsciiDoc 2017-11-13 13:25:19 +09:00
manpage-1.72.xsl
manpage-base-url.xsl.in
manpage-base.xsl
manpage-bold-literal.xsl
manpage-normal.xsl
manpage-quote-apos.xsl
manpage-suppress-sp.xsl
merge-config.txt doc: change environment variables format 2016-06-08 12:04:37 -07:00
merge-options.txt Merge branch 'wk/merge-options-gpg-sign-doc' 2017-10-19 14:45:43 +09:00
merge-strategies.txt merge-strategies: avoid implying that "-s theirs" exists 2017-09-25 14:34:23 +09:00
pretty-formats.txt Merge branch 'jk/trailers-parse' 2017-08-26 22:55:04 -07:00
pretty-options.txt Merge branch 'tr/doc-tt' into maint 2016-07-06 13:06:34 -07:00
pull-fetch-param.txt fetch doc: src side of refspec could be full SHA-1 2017-10-18 05:59:34 +09:00
rev-list-options.txt Merge branch 'sg/rev-list-doc-reorder-fix' 2017-10-28 10:18:42 +09:00
revisions.txt Merge branch 'vn/revision-shorthand-for-side-branch-log' 2017-04-19 21:37:25 -07:00
sequencer.txt
SubmittingPatches Merge branch 'bc/submitting-patches-in-asciidoc' into maint 2017-12-06 09:08:59 -08:00
texi.xsl Documentation: add XSLT to fix DocBook for Texinfo 2017-01-23 10:56:53 -08:00
transfer-data-leaks.txt doc: mention transfer data leaks in more places 2016-11-14 11:23:07 -08:00
urls-remotes.txt
urls.txt
user-manual.conf
user-manual.txt treewide: correct several "up-to-date" to "up to date" 2017-08-23 12:17:22 -07:00