Use HTTPS for manual git clone to avoid MITM #6043

Merged
merged 1 commit into from Apr 15, 2018

Conversation

DonnchaC
Contributor

The git:// transport is completely unauthenticated. An attacker on the local or upstream network can easily man-in-the-middle an oh-my-zsh update and get remote code execution on your system. Only the https:// git transport should be used.

@johnp

johnp commented May 1, 2017

Also note that the git:// transport uses a port (tcp/9418) that's often blocked in company or university firewalls, while https:// usually just works.
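
An added example, not part of this pull request or of oh-my-zsh: a shell helper that audits an existing clone for the unauthenticated transports discussed above and switches `git://` remotes to `https://`. The function names, the constructed `example.org` URL and the assumption that the host serves the same repository path over HTTPS are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not oh-my-zsh code): find remotes that still use an
# unauthenticated transport and rewrite git:// ones to https://.

# Print "insecure" for transports with no server authentication or integrity
# protection (git://, plain http://), otherwise "ok".
classify_remote() {
  case "$1" in
    git://*|http://*) echo insecure ;;
    *)                echo ok ;;
  esac
}

# Rewrite git://host[:9418]/path to https://host/path; other URLs pass through.
# Assumption: the host serves the same repository path over HTTPS.
to_https() {
  local rest host path
  case "$1" in
    git://*/*) rest=${1#git://} ;;
    *) printf '%s\n' "$1"; return 0 ;;
  esac
  host=${rest%%/*}      # everything before the first slash
  path=${rest#*/}       # everything after it
  host=${host%:9418}    # drop the git-daemon port (tcp/9418) if spelled out
  printf 'https://%s/%s\n' "$host" "$path"
}

# audit_repo DIR [--fix]: report each remote; with --fix, switch git:// remotes
# to https://. Returns 1 if an insecure remote is left, 2 if DIR is not a repo.
# Usage (path is an assumption, the default install location):
#   audit_repo "$HOME/.oh-my-zsh" --fix
audit_repo() {
  local dir=$1 fix=${2:-} name url new left=0
  git -C "$dir" rev-parse --git-dir >/dev/null 2>&1 || return 2
  for name in $(git -C "$dir" remote); do   # remote names contain no spaces
    url=$(git -C "$dir" remote get-url "$name") || return 2
    if [ "$(classify_remote "$url")" = ok ]; then
      echo "ok        $name $url"; continue
    fi
    new=$(to_https "$url")
    if [ "$fix" = --fix ] && [ "$new" != "$url" ]; then
      git -C "$dir" remote set-url "$name" "$new"
      echo "fixed     $name $url -> $new"
    else
      echo "INSECURE  $name $url"; left=1
    fi
  done
  return "$left"
}
```

Plain `http://` remotes are reported but not rewritten, since not every HTTP host answers on HTTPS; change those by hand after checking the server.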

@mcornella mcornella merged commit 4fa4e5f into ohmyzsh:master Apr 15, 2018
@mcornella
Member

Good thinking. Thanks!

lesterchan added a commit to lesterchan/oh-my-zsh that referenced this pull request Apr 19, 2018
* upstream/master: (47 commits)
  [installer] use `command -v` to check for git
  [cloud theme] add a space (ohmyzsh#3215)
  updated symfony plugin to add entity generation and schema update aliases (ohmyzsh#5042)
  Fix styling and format of hanami README
  Add table of aliases for hanami plugin
  Add README for hanami plugin
  Add hanami plugin inspired by rails
  npm init (ohmyzsh#6648)
  [archlinux] add recent aliases and functions to readme
  plugins/archlinux: add pacls, pacown, pacweb
  Use HTTPS for manual git clone to avoid  MITM (ohmyzsh#6043)
  Fix git_commits_{ahead,before} when no upstream branch is defined (ohmyzsh#6658)
  [archlinux] Fix function syntax to avoid clashes with aliases
  [rkj-repos] Check for 'hg prompt' and exit if not found (ohmyzsh#6655)
  Fix typo that resulted in math error (ohmyzsh#6731)
  Improve emotty plugin (ohmyzsh#5999)
  Fix emotty theme when using zsh 5.2 (ohmyzsh#5998)
  Added trizen to the archlinux plugin (ohmyzsh#6650)
  Reduce number of git calls when displaying prompt (ohmyzsh#3795)
  hotfix for archlinux.plugin.zsh (ohmyzsh#5909)
  ...
seth-cohen pushed a commit to seth-cohen/oh-my-zsh that referenced this pull request Oct 29, 2018
jmartindf pushed a commit to jmartindf/oh-my-zsh that referenced this pull request Nov 10, 2018
sagischwarz pushed a commit to sagischwarz/ohmyzsh that referenced this pull request Nov 19, 2018
chihchun pushed a commit to chihchun/oh-my-zsh that referenced this pull request Aug 6, 2019
kankongmeng pushed a commit to kankongmeng/oh-my-zsh that referenced this pull request Jan 8, 2020
spiliopoulos pushed a commit to spiliopoulos/zsh-config that referenced this pull request Jun 17, 2020