git security fsmonitor (2026)
git security fsmonitor
WARNING. Major emacs git security hole. Running arbitrary command from a git repo you just cloned. Triggered by just opening a file. (no emacs file variable required)
- https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md
- https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.metadata
- https://www.bleepingcomputer.com/news/security/claude-ai-finds-vim-emacs-rce-bugs-that-trigger-on-file-open/
- in recent git version, how did they fix the security problem of nested .git running arbitrary code via core.fsmonitor
- https://x.com/i/grok/share/f7163e0546b64794af471e8731fd82ca
