Not many may know who Linus Torvalds, except those in the technology field. Linus is a Finnish-American software engineer and the principal force behind the development of the Linux kernel. Well, he is a geek, a high-level techie and he seldom says something wrong. The creator of the Linux kernel and the Git says a lot of things that many don’t understand. However, the techie recently spoke about Apple’s HFS+ file system and the problem it has.
Softpedia reported that a discussion at the Git was high with a problem in Apple’s HFS+ file system in the topic. Not only is there a problem with the HFS+ file system, NTFS also does include the same issue. Both the file systems are case sensitive and this causes problems. The issue forces developers at the Git to release a new version to fix the problems with both Windows and Apple file systems. Linux, however, had never been affected. The problem with the two file systems was basically a security issue because of the file system.
A critical vulnerability was identified by the Git, early December 2014, which was fixed in a few weeks. The bug fix will prevent attackers from exploiting its users.
The vulnerability:
Git stores all of its data in the .git/ directory in the root of your repository. When Git checks out files, it has built-in safeguards to prevent it from overwriting the contents of .git/. Prior to the vulnerability being fixed, these safeguards were not sufficient for protection on certain file systems.
Although it is not possible to check out a tree named .git in your repository, it was possible to create a malicious tree with different case, for example .Git or .GIT. This is a problem on case-insensitive file systems, including OS X (HFS+) and Windows (FAT/NTFS), because Git would happily write out the contents of a maliciously constructed tree over the contents of .git/.
This vulnerability can be used to write the contents of any file in .git/, including modifying or creating executable files in .git/hooks/.
For complete in-depth information about the vulnerability, click here.
Linus Torvalds also stated, “Quite frankly, HFS+ is probably the worst file system ever”. He went on to state that the issue with NTFS was at least fixed, but OS X problems seemed to be fundamental.
Below: Read the complete thread of comments where Linus Torvalds hits Apple under the belt.
