Files · cb1439c9d32c059ee93216637a6d155306f76ab3 · lvzhengyang / git2

config: validate ownership of C:\ProgramData\Git\config before using it · cb1439c9

When the VirtualStore feature is in effect, it is safe to let random
users write into C:\ProgramData because other users won't see those
files. This seemed to be the case when we introduced support for
C:\ProgramData\Git\config.

However, when that feature is not in effect (which seems to be the case
in newer Windows 10 versions), we'd rather not use those files unless
they come from a trusted source, such as an administrator.

This change imitates the strategy chosen by PowerShell's native OpenSSH
port to Windows regarding host key files: if a system file is owned
neither by an administrator, a system account, or the current user, it
is ignored.

committed Aug 13, 2019

cb1439c9

Name	Last commit	Last update
.github		Loading commit data...
azure-pipelines		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
fuzzers		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
COPYING		Loading commit data...
README.md		Loading commit data...
SECURITY.md		Loading commit data...
api.docurium		Loading commit data...
azure-pipelines.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
package.json		Loading commit data...

README.md