Closed efi closed 10 years ago
Uh... ungit is just a gui layer on top of git. I don't think it's possible for ungit to have a security flaw. Right?
Not quite right, I think. I consider anybody being able to remotely browse my computer's directory structure and create (within some limits) arbitrary directories and load arbitrary files into that directory (and export my possibly private git repos without my consent),etc. to be a quite seriuos security flaw.
Ah, I see. You're talking about the case where you have enabled access to ungit from remote computers. I'd not thought of that use case.
With an .ungitrc like this:
Anyone can login as "testuser" using any password (except for a blank one)...
This is a serious security flaw!