Comment by caust1c

6 days ago

Yes, unfortunately it's pretty trivial. Any time arbitrary file write is possible, RCE is usually possible too.

Could this be mitigated by moving .git out of the work tree directory and using an unprivileged process that only has access to the work tree directory to do all the file manipulation?