On August 15, 2025 12:04 AM, Elijah Newren wrote: >On Thu, Aug 14, 2025 at 7:15 PM Christoph Anton Mitterer ><calestyo@xxxxxxxxxxxx> wrote: >> >> Hey. >> >> On Thu, 2025-08-14 at 18:23 -0700, Junio C Hamano wrote: >> > Look for "alias.*" in "git help config". >> > >> > To avoid >> > confusion and troubles with script usage, aliases that >> > hide existing Git commands are ignored. >> >> Can't one add some kind of override for this? > >No. And there won't be one in the future either; see e.g. >https://lore.kernel.org/git/alpine.DEB.1.00.0903070407480.10279@xxxxxxxxxxx- >cbg.de/ > >> Cause AFAIU, my command >> from below would not hide the other commands, or would it? > >The documentation you are responding to didn't talk about "other" >commands, it talked about "existing" commands. Your alias, meant to invoke `git >stash` with different arguments, would hide the existing `git stash` command. > >It might also be an infinite loop of sorts, since your `git stash` alias invokes `git stash >...` which is...itself. > >And it'd mean that other folks who use git commands in their scripts now can't rely >on any git commands doing what their documentation claims. > >> > If the alias expansion is prefixed with an exclamation >> > point, it will be treated as a shell command. >> >> Well I kinda thought that... still wouldn't though if it was detailed >> what exactly happens :-) > >Doesn't it detail what happens already? > > If the alias expansion is prefixed with an exclamation point, it will be treated as >a shell command. For example, defining alias.new = !gitk --all --not > ORIG_HEAD, the invocation git new is equivalent to running the shell >command gitk --all --not ORIG_HEAD. Note that shell commands will be executed >from the > top-level directory of a repository, which may not necessarily be the current >directory. GIT_PREFIX is set as returned by running git rev-parse --show-prefix > from the original current directory. See git-rev-parse(1). > >What is missing from this explanation? Aside from the above, hiding an existing command would potentially allow a man-in-the-middle attack. Imagine changing git clone to be something else, like cloning a hostile repository. Hiding existing commands could result in a HIGH severity CVE in git - I would consider it as such. Please ensure that no fix/enhancement is done to support this request. --Radall
