Re: [PATCH] Set up argv0_path correctly, even when argv[0] is just the basename

[Rene Herman <rene.herman@keyaccess.nl>]

On 26-07-08 17:10, Johannes Schindelin wrote:
> Hi,
> 
> On Sat, 26 Jul 2008, Rene Herman wrote:
> 
>> On 26-07-08 16:14, Johannes Schindelin wrote:
>>
>>> When the program 'git' is in the PATH, the argv[0] is set to the
>>> basename. However, argv0_path needs the full path, so add a function
>>> to discover the program by traversing the PATH manually.
>> While not having read the context for this, this ofcourse sounds like a huge
>> gaping race-condition. If applicable here (as said, did not read context) you
>> generally want to make sure that there's no window that a path could be
>> replaced -- while perhaps not here, that's often the kind of thing that
>> security attacks end up abusing.
> 
> Yeah, and that's why you would carefully time your attack just in between 
> the command invocation and the discovery of argv[0] in the PATH.
> 
> Rather than replacing the 'git' program with an infected version right 
> away.

Adding to the PATH is generally not disallowed by user level security. 
Replacing the GIT binary generally is.

Sure maybe it's not much of a problem here; as said, I didn't read the 
context and am not a GIT person. Just commented on a git-user list when 
this was the next message on the list. Though a heads-up might still be 
in order. If it wasn't useful -- so be it, but even making a command do 
something different than a user expected can have serious implications, 
for example in this case for the tree they are working on.

Rene.