git.ipfire.org Git - thirdparty/git.git/commit
fast-import: disallow "feature import-marks" by default
author Jeff King <peff@peff.net>
Thu, 29 Aug 2019 19:08:42 +0000 (15:08 -0400)
committer Johannes Schindelin <johannes.schindelin@gmx.de>
Wed, 4 Dec 2019 12:20:04 +0000 (13:20 +0100)
commit a52ed76142f6e8d993bb4c50938a408966eb2b7c
tree 9603df337bf43eec5d4998d44f5c3293661950d2
parent 68061e3470210703cb15594194718d35094afdc0
fast-import: disallow "feature import-marks" by default

As with export-marks in the previous commit, import-marks can access the
filesystem. This is significantly less dangerous than export-marks
because it only involves reading from arbitrary paths, rather than
writing them. However, it could still be surprising and have security
implications (e.g., exfiltrating data from a service that accepts
fast-import streams).

Let's lump it (and its "if-exists" counterpart) in with export-marks,
and enable the in-stream version only if --allow-unsafe-features is set.

Signed-off-by: Jeff King <peff@peff.net>
Documentation/git-fast-import.txt
fast-import.c
t/t9300-fast-import.sh
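
A service that accepts fast-import streams can also refuse the gated in-stream features before the stream reaches git. The Python below is an added example, not part of this commit or of git; the function names, the sample stream and its path are constructed, and the stream grammar is a simplified assumption.

```python
# Added example: pre-filter for untrusted git fast-import streams.
# In-stream features gated behind --allow-unsafe-features by this commit
# and the previous one.
UNSAFE_FEATURES = {b"export-marks", b"import-marks", b"import-marks-if-exists"}


def _next_line(stream, pos):
    """Return (line without LF, position after it)."""
    end = stream.find(b"\n", pos)
    if end == -1:
        end = len(stream)
    return stream[pos:end], end + 1


def find_unsafe_features(stream):
    """Return (feature, argument) for every gated `feature` command.

    Assumption: simplified stream grammar. Payloads of `data <count>` and
    `data <<delim` are skipped so blob or message text is never read as a
    command. A malformed count raises ValueError; treat that as a reject.
    """
    hits, pos = [], 0
    while pos < len(stream):
        line, pos = _next_line(stream, pos)
        if line.startswith(b"data <<"):
            delim = line[len(b"data <<"):]
            # Delimited form: payload ends at a line equal to the delimiter.
            while pos < len(stream):
                payload_line, pos = _next_line(stream, pos)
                if payload_line == delim:
                    break
        elif line.startswith(b"data "):
            count = line[len(b"data "):]
            if not count.isdigit():
                raise ValueError("malformed data count")
            pos += int(count)  # exact byte count form: skip the raw payload
        elif line.startswith(b"feature "):
            name, _, arg = line[len(b"feature "):].partition(b"=")
            if name in UNSAFE_FEATURES:
                hits.append((name.decode(), arg.decode(errors="replace")))
    return hits


# Constructed sample: one real in-stream request, one look-alike inside a blob.
_BLOB = b"feature export-marks=not-a-command\n"
SAMPLE = (b"feature done\n"
          b"feature import-marks=/srv/example/marks\n"
          b"blob\nmark :1\n"
          + b"data %d\n" % len(_BLOB) + _BLOB
          + b"done\n")
```

A non-empty result is a reason to reject the stream; the in-stream default described in the commit message still applies when git is run without `--allow-unsafe-features`.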