(dgl.cx)

349 points dgl | 1 comments | 08 Jul 25 17:48 UTC | HN request time: 0.206s | source

Show context

Lockal ◴[08 Jul 25 19:35 UTC] No.44503273[source]▶

"trivial modification of an existing exploit"...

Why git does not use Landlock? I know it is Linux-only, but why? "git clone" should only have r/o access to config directory and r/w to clone directory. And no subprocesses. In every exploit demo: "Yep, <s>it goes to a square hole</s> it launches a calculator".

replies(3): >>44503412 #>>44504345 #>>44506823 #

1. SSLy ◴[08 Jul 25 21:46 UTC] No.44504345[source]▶

>>44503273 #

> And no subprocesses.

have you never used git over ssh?

↑

Breaking Git with a carriage return and cloning RCE