From: Johannes Schindelin
Date: Mon, 16 Sep 2019 11:26:40 +0000 (+0200)
Subject: Merge branch 'disallow-dotgit-via-ntfs-alternate-data-streams'
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=7f3551dd686e2237490c17946335a675c4f59881;p=git.git

Merge branch 'disallow-dotgit-via-ntfs-alternate-data-streams'

This patch series plugs an attack vector we had overlooked in our December 2014 work on `core.protectNTFS`.

Essentially, the path `.git::$INDEX_ALLOCATION/config` is interpreted as `.git/config` when NTFS Alternate Data Streams are available (which they are on Windows, and at least on network shares that are SMB-mounted on macOS).

Needless to say: we don't want that.

In fact, we want to stay on the very safe side and not even special-case the `$INDEX_ALLOCATION` stream type: let's just prevent Git from touching _any_ explicitly specified Alternate Data Stream of `.git`.

In essence, we'll prevent Git from tracking, or writing to, any path with a segment of the form `.git:`.

Signed-off-by: Johannes Schindelin
---

7f3551dd686e2237490c17946335a675c4f59881
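
The rule stated in the commit message above (refuse any path with a segment of the form `.git:`), written out as an added example; this is not Git's own code and covers only that one rule. The function names are hypothetical, and the sketch assumes `\` counts as a separator alongside `/` and that `.git` is matched case-insensitively, as NTFS is case-insensitive.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumption: both '/' and '\\' separate segments, as Windows accepts both. */
static int is_sep(char c)
{
	return c == '/' || c == '\\';
}

/*
 * Return 1 if the segment starting at s is ".git" (any case) followed
 * directly by ':', i.e. an explicitly named Alternate Data Stream of .git.
 */
static int segment_is_dotgit_stream(const char *s)
{
	static const char dotgit[] = ".git";
	int i;

	for (i = 0; i < 4; i++)
		if (tolower((unsigned char)s[i]) != dotgit[i])
			return 0; /* also stops at the NUL of a short segment */
	return s[4] == ':';
}

/* Hypothetical checker: 1 if any segment of path has the form ".git:". */
int has_dotgit_stream_segment(const char *path)
{
	const char *p = path;

	while (*p) {
		while (is_sep(*p))
			p++;
		if (segment_is_dotgit_stream(p))
			return 1;
		while (*p && !is_sep(*p))
			p++;
	}
	return 0;
}

int main(void)
{
	/* Constructed sample paths; the first is the one from the message. */
	const char *samples[] = { ".git::$INDEX_ALLOCATION/config",
		"sub/.GIT:stream/x", ".gitignore", "docs/x.git:notes" };
	size_t i;
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-32s %s\n", samples[i],
		       has_dotgit_stream_segment(samples[i]) ? "rejected" : "ok");
	return 0;
}
```

A plain `.git` segment is deliberately not flagged here, since the message describes only the `.git:` form.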