
You can download a directory containing a script, cd into that repo and less the file. ‘cd foo’ should never trigger arbitrary command execution. Ever.

Containerisation wouldn’t solve this, bash or similar would almost always be fun with near limitless boundaries.



I beg to disagree. I like my https://direnv.net/

As long as it's strictly opt-in, it's fine. But it needs to be opt-in to be secure.



