Quoting Florian Weimer (2015-12-10 03:40:39)
> * Jonas Smedegaard:
>
> > git-repair uses /tmp/tmprepo.0/.git/ which is clearly static, and I
> > believe therefore (on non-hardened systems) insecure.
>
> I think it does mkdir and if it fails, it tries again with
> /tmp/tmprepo.1, /tmp/tmprepo.2, and so on. I'm not sure you can abuse
> this and fool git-repair into using a pre-existing directory with mode
> 777. At least not with non-historic NFS.
I had write access to the git I repaired and its outer dir. Consecutive runs reused the same path.

Could you please elaborate which situations you believe users will get a random tmpdir in, and what users are expected to do to ensure they do not automatically and without a warning get an easily guessable path in the publicly manipulable /tmp?

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
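To make the allocation scheme under discussion concrete, here is an added example (not git-repair's own code; the real Haskell implementation may differ in detail) that reproduces the "mkdir tmprepo.N, retry on EEXIST" behaviour Florian describes, shows why consecutive runs land on the same name, and contrasts it with a mkdtemp-based allocation plus the ownership/mode check a repair tool could apply to its scratch directory. The `demo()` helper and the prefix are assumptions for illustration.

```python
import os
import shutil
import stat
import tempfile


def predictable_tmprepo(base, prefix="tmprepo."):
    """Allocate base/<prefix>0, base/<prefix>1, ... with mkdir, retrying on
    EEXIST. mkdir is atomic, so an existing directory is never adopted, but
    the first free index is always chosen: the name is guessable, and after
    cleanup the next run reuses the very same path."""
    n = 0
    while True:
        path = os.path.join(base, f"{prefix}{n}")
        try:
            os.mkdir(path, 0o700)
            return path
        except FileExistsError:
            n += 1


def unpredictable_tmprepo(base, prefix="tmprepo."):
    """mkdtemp picks an unguessable suffix and creates the directory with
    mode 0700 in one step, so nobody else can pre-seed the name."""
    return tempfile.mkdtemp(prefix=prefix, dir=base)


def is_private_dir(path):
    """Properties a scratch directory should have before a tool trusts it:
    a real directory (lstat, so not a symlink), owned by us, and not
    readable, writable or searchable by group or others."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and not (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)))


def demo():
    """Run both schemes under a private base dir (constructed here instead of
    the shared /tmp) and report the observed names and checks."""
    base = tempfile.mkdtemp(prefix="tmprepo-demo.")
    try:
        first = [os.path.basename(predictable_tmprepo(base)) for _ in range(2)]
        for name in first:                      # simulate cleanup after a run
            os.rmdir(os.path.join(base, name))
        rerun = os.path.basename(predictable_tmprepo(base))
        rnd = unpredictable_tmprepo(base)
        return {"first_names": first, "rerun_name": rerun,
                "random_prefix_ok": os.path.basename(rnd).startswith("tmprepo."),
                "random_is_indexed": os.path.basename(rnd) in ("tmprepo.0", "tmprepo.1"),
                "random_private": is_private_dir(rnd)}
    finally:
        shutil.rmtree(base)
```

Running `demo()` shows the predictable scheme returning `tmprepo.0` again after cleanup, while the mkdtemp directory has a random suffix and passes the ownership/mode check.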