Analyzing Git Clone Vulnerability. A new Git version, 2.30.2, fixes a security vulnerability in Git large file storage (LFS) and other clean/smudge filters affecting Git 2.15 and newer. According to GitHub, if upgrading Git to version 2.30.2 is not an option, users can mitigate their risk in three ways.
A new Git version, 2.30.2, fixes a security vulnerability in Git large file storage (LFS) and other clean/smudge filters affecting Git 2.15 and newer.
These updates address an issue where a specially crafted repository can execute code during a git clone on case-insensitive file systems which support symbolic links by abusing certain types of clean/smudge filters, like those configured by Git LFS.
Filed under CVE ID CVE-2021-21300, the vulnerability is of special concern for all users of Windows and macOS systems, which default to using case-insensitive file systems. It can however affect any system, including Linux, that uses a case-insensitive file system to checkout a Git repository.
Python programmer Foone Turing provided a detailed analysis of the vulnerability in a rather long and detailed Twitter thread. In a nutshell, the exploit requires two steps: getting the
lstat cache into an invalid state and reordering checkout operations. One way to get the cache into an invalid state is by abusing a case-insensitive file system by causing a filename collision. Reordering checkout can be accomplished by using a clean/smudge filter with delayed checkout, of which Git LFS is the most notable example. These are the two ingredients that make the exploit possible.
Представляете, как выглядит Windows или macOS, а может даже узнаете пару-тройку Linux-дистрибутивов? Давайте проверим, так ли это :)
The hosts file is used to map domain names (hostnames) to IP addresses. It is a plain-text file used by all operating systems. In this article, we’ll provide instructions about how to modify the hosts file on Linux, macOS and Windows.
Before you can start making super awesome apps in NodeJS, you have to install it. Fortunately, installing NodeJS is super simple. In this tutorial we will cover how to install NodeJS/NPM in * macOS/linux * Windows Once you install NodeJS/NPM, you can easily upgrade/downgrade to any Node version with one command. The following video tutorial shows you how to download NodeJS on your machine. Installation guide for Mac OS & Linux Open a new terminal. Type the following and hit enter: curl -o
In this video, we are going to download the Git on a local machine.
This article is all about my journey on switching from Windows 10 to Linux Mint 20, how I got easily adapted to the Linux environment, and some resources that helped me to set up a perfect Desktop environment.