1. 12
  1. 3

    TL;DR: a user with admin can run code on your computer

    1. 5

      It’s somewhat worse than that: a non-admin user can run code (as you) on your computer if it uses the defaults on Windows. c:\ is world writable by default 😞

      1. 2

        And any shared location for git repositories where multiple users have write access could allow one of the users to hijack the account of any of them.

      2. 3

        It’s worse than that. If you run git commands in a directory, anyone with write access to any directory higher up the tree than that can run arbitrary code as your user. If, like me, you have your $PS1 set to run some git status / git remote commands so that your prompt can tell you what git remote tree you’re working with and what branch you’re on, then just cd into a directory where a malicious user has write access somewhere up the tree can run arbitrary code as that user. Even without that, if someone can ask you to run git status on a tree that they control, they can run arbitrary code as your user.