Impact
Git for Windows ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections.
The location of connect.exe's config file is hard-coded as /etc/connectrc which will typically be interpreted as C:\etc\connectrc. Since C:\etc can be created by any authenticated user, this makes connect.exe susceptible to malicious files being placed there by other users on the same multi-user machine.
Patches
The problem has been patched in Git for Windows v2.40.1.
Workarounds
Create the folder etc on all drives where Git commands are run, and remove read/write access from those folders:
mkdir \etc
icacls \etc /inheritance:r
Alternatively, be very careful to watch out for malicious <drive>:\etc\connectrc files on multi-user machines.
References
Source code repository of the connect proxy: https://github.com/gotoh/ssh-connect
Impact
Git for Windows ships with an executable called
connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections.The location of
connect.exe's config file is hard-coded as/etc/connectrcwhich will typically be interpreted asC:\etc\connectrc. SinceC:\etccan be created by any authenticated user, this makesconnect.exesusceptible to malicious files being placed there by other users on the same multi-user machine.Patches
The problem has been patched in Git for Windows v2.40.1.
Workarounds
Create the folder
etcon all drives where Git commands are run, and remove read/write access from those folders:Alternatively, be very careful to watch out for malicious
<drive>:\etc\connectrcfiles on multi-user machines.References
Source code repository of the
connectproxy: https://github.com/gotoh/ssh-connect