Hacker Newsnew | comments | ask | jobs | submitlogin
haldean 453 days ago | link | parent

You don't need to extend git; the git command "git $FOO" just runs the command git-$FOO; git-commit, git-add, etc. are the binaries that do a lot of the work. In this case, I imagine they install binaries like git-sync, git-graft, etc. when you run "legit install".


habosa 453 days ago | link

Is this a vulnerability in some way? Like could I replace someone's git-add binary to expose private source code? It scares me that someone can change my git behavior so easily.

-----

skymt 453 days ago | link

If someone can replace your `git-add` binary or put their own in a directory earlier in your $PATH, they can do the same with `git`, `ls` or any other program.

-----

zck 453 days ago | link

If someone's running an executable you give them without knowing what it actually is, their security is already lost. So yeah, that's a problem, but nothing specific to Legit or git.

-----

hcarvalhoalves 453 days ago | link

How is that any different than replacing any other binary in your filesystem?

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: