TL;DR: a user with admin can run code on your computer
It’s somewhat worse than that: a non-admin user can run code (as you) on your computer if it uses the defaults on Windows. c:\ is world writable by default 😞 And any shared location for git repositories where multiple users have write access could allow one of the users to hijack the account of any of them.
It’s worse than that. If you run git commands in a directory, anyone with write access to any directory higher up the tree than that can run arbitrary code as your user. If, like me, you have your $PS1 set to run some git status / git remote commands so that your prompt can tell you what git remote tree you’re working with and what branch you’re on, then just cd into a directory where a malicious user has write access somewhere up the tree can run arbitrary code as that user. Even without that, if someone can ask you to run git status on a tree that they control, they can run arbitrary code as your user.
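An added example, not part of the thread above: a defensive check that a prompt hook or wrapper could run before invoking git, walking up the directory tree as described and reporting any ancestor that another user owns or can write to. It assumes a POSIX system (`os.getuid`); the function name and its `ceiling` parameter are hypothetical.

```python
import os
import stat
import sys
from pathlib import Path


def audit_git_discovery(start, ceiling=None):
    """Walk upward from `start` looking for a .git entry, nearest directory
    first, and return (path, reason) findings wherever another user could
    control the repository that ends up being used."""
    me = os.getuid()
    trusted_owners = {me, 0}  # assumption: root-owned directories are trusted
    current = Path(start).resolve()
    top = Path(ceiling).resolve() if ceiling else None
    findings = []
    while True:
        marker = current / ".git"
        if marker.exists() or marker.is_symlink():
            owner = marker.lstat().st_uid
            if owner != me:
                findings.append((str(marker), f".git owned by uid {owner}"))
            break  # the nearest .git wins, so nothing above it matters
        info = current.stat()
        if info.st_uid not in trusted_owners:
            # The owner can create a .git here at any time.
            findings.append((str(current), f"directory owned by uid {info.st_uid}"))
        elif info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Group or world write access is enough to plant a .git.
            findings.append((str(current), "directory writable by group/other"))
        if current == top or current.parent == current:
            break
        current = current.parent
    return findings


if __name__ == "__main__":
    problems = audit_git_discovery(os.getcwd())
    for path, reason in problems:
        print(f"untrusted: {path}: {reason}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

A non-zero exit status lets a prompt skip its git calls for the current directory.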