Andreas Ericsson wrote: > > It's already there but in a different format. Adding "if (!strict)" to > the previously unconditional 'chdir(".git");' won't change that. > > Like I said, I made sure everything that worked before works now too. > >> Under strict-path, I think not doing any DWIM like this is fine, >> but otherwise I suspect changing this would break existing >> remotes/origin file people may have. In addition enter_repo() >> as posted does its own DWIM to chdir to ".git" unconditionally >> as I pointed out... > > DWIM? That's an acronym I don't know. > DWIM = "Do What I Mean", i.e. program trying to be clever. A (usually) good thing for usability, a very bad thing for security. In particular, DWIM is bad for security when you have a flow like: user input -> security check -> DWIM ... which lets the user subvert the security check by knowing how the DWIM will mangle the input. What's worse, programmers like yourself frequently say "oh, it's okay, though, I know what the DWIM does and it can't break the security checks I do." Well, then someone comes along and changes either the security checks (e.g. add a blacklist), or the DWIM, or both. Security hole opens. Therefore, the flow must *ALWAYS* be: user input -> DWIM -> security check Your patch re-introduces the incorrect flow. -hpa - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Sat Nov 19 07:43:38 2005
This archive was generated by hypermail 2.1.8 : 2005-11-19 07:43:43 EST