src/tools.rs: add setup_safe_path_env()

author Dietmar Maurer <dietmar@proxmox.com>

Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)
diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs

index 82bac3861914fd4fa4d4761b292739c8da6e8c56..9dde46c0f360d8a21f2357d6de99fb26eb5d37c7 100644 (file)
--- a/src/bin/proxmox-backup-api.rs
+++ b/src/bin/proxmox-backup-api.rs
@@ -14,6 +14,8 @@ use proxmox_backup::config;
  use proxmox_backup::buildcfg;
  
  fn main() {
+    proxmox_backup::tools::setup_safe_path_env();
+
      if let Err(err) = proxmox_backup::tools::runtime::main(run()) {
          eprintln!("Error: {}", err);
          std::process::exit(-1);
diff --git a/src/bin/proxmox-backup-manager.rs b/src/bin/proxmox-backup-manager.rs

index e76efcaa72948ac7e06f0b63b32fe4393761c14b..ae4607c223326ed7c3018135e7cdc1f228b26efc 100644 (file)
--- a/src/bin/proxmox-backup-manager.rs
+++ b/src/bin/proxmox-backup-manager.rs
@@ -321,6 +321,8 @@ async fn pull_datastore(
  
  fn main() {
  
+    proxmox_backup::tools::setup_safe_path_env();
+
      let cmd_def = CliCommandMap::new()
          .insert("acl", acl_commands())
          .insert("datastore", datastore_commands())
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs

index 1e36a8e8f47bd9bf3723b0e58afba427e157d16c..75f53b9b221d0bd12be234d8ddde4d20615b9bbe 100644 (file)
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -18,6 +18,8 @@ use proxmox_backup::auth_helpers::*;
  use proxmox_backup::tools::disks::{ DiskManage, zfs_pool_stats };
  
  fn main() {
+    proxmox_backup::tools::setup_safe_path_env();
+
      if let Err(err) = proxmox_backup::tools::runtime::main(run()) {
          eprintln!("Error: {}", err);
          std::process::exit(-1);
diff --git a/src/tools.rs b/src/tools.rs

index 6c831f6cd6da23c8c3ce06618b383aa0beff2f0e..63222468b293717442e981f28650f9c088f2e24c 100644 (file)
--- a/src/tools.rs
+++ b/src/tools.rs
@@ -622,3 +622,11 @@ pub fn epoch_now_f64() -> Result<f64, SystemTimeError> {
  pub fn epoch_now_u64() -> Result<u64, SystemTimeError> {
      Ok(epoch_now()?.as_secs())
  }
+
+pub fn setup_safe_path_env() {
+    std::env::set_var("PATH", "/sbin:/bin:/usr/sbin:/usr/bin");
+    // Make %ENV safer - as suggested by https://perldoc.perl.org/perlsec.html
+    for name in &["IFS", "CDPATH", "ENV", "BASH_ENV"] {
+        std::env::remove_var(name);
+    }
+}
author	Dietmar Maurer <dietmar@proxmox.com>
	Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Mon, 15 Jun 2020 08:38:30 +0000 (10:38 +0200)
src/bin/proxmox-backup-api.rs		patch \| blob \| blame \| history
src/bin/proxmox-backup-manager.rs		patch \| blob \| blame \| history
src/bin/proxmox-backup-proxy.rs		patch \| blob \| blame \| history
src/tools.rs		patch \| blob \| blame \| history