in addition to switching to nobody:nogroup, to reduce things exposed to
the dnsapi plugins
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
# for security reasons, we execute the command as nobody
# we can't verify that the code of the DNSPlugins are harmless.
# for security reasons, we execute the command as nobody
# we can't verify that the code of the DNSPlugins are harmless.
- my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--"];
+ my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--reset-env", "--"];
# The order of the parameters passed to proxmox-acme is important
# proxmox-acme <setup|teardown> $plugin <$domain|$alias> $txtvalue [$plugin_conf_string]
# The order of the parameters passed to proxmox-acme is important
# proxmox-acme <setup|teardown> $plugin <$domain|$alias> $txtvalue [$plugin_conf_string]