authorRoland Shoemaker <roland@golang.org>2021-01-15 12:14:06 -0800
committerRoland Shoemaker <roland@golang.org>2021-01-21 19:10:18 +0000
commit953d1feca9b21af075ad5fc8a3dad096d3ccc3a0 (patch)
tree1ff369f7be4e70f816db745bc2b4cc465c9b4f96 /src/go
parentb186e4d70de28697d1ad7e3c31625793e6338ef0 (diff)
all: introduce and use internal/execabs
Introduces a wrapper around os/exec, internal/execabs, for use in all commands. This wrapper prevents exec.LookPath and exec.Command from running executables in the current directory. All imports of os/exec in non-test files in cmd/ are replaced with imports of internal/execabs. This issue was reported by RyotaK. Fixes CVE-2021-3115 Fixes #43783 Change-Id: I0423451a6e27ec1e1d6f3fe929ab1ef69145c08f Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955304 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/284783 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Trust: Roland Shoemaker <roland@golang.org>
Diffstat (limited to 'src/go')
-rw-r--r--src/go/build/build.go2
-rw-r--r--src/go/build/deps_test.go8
-rw-r--r--src/go/internal/gccgoimporter/gccgoinstallation.go2
-rw-r--r--src/go/internal/srcimporter/srcimporter.go2
4 files changed, 10 insertions, 4 deletions
diff --git a/src/go/build/build.go b/src/go/build/build.go
index 72311c7d2c..217fadf5bd 100644
--- a/src/go/build/build.go
+++ b/src/go/build/build.go
@@ -11,13 +11,13 @@ import (
"go/ast"
"go/doc"
"go/token"
+ exec "internal/execabs"
"internal/goroot"
"internal/goversion"
"io"
"io/fs"
"io/ioutil"
"os"
- "os/exec"
pathpkg "path"
"path/filepath"
"runtime"
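Review bot: The alias `exec "internal/execabs"` leaves every call site reading `exec.Command`/`exec.LookPath`, so nothing at the use sites shows that the hardened wrapper is in effect, and a later edit could reintroduce `"os/exec"` here without any visible difference; the same applies to the identical swaps in gccgoinstallation.go and srcimporter.go. A one-line comment on the import would make the intent durable, e.g. `exec "internal/execabs" // os/exec wrapper that refuses to run executables resolved from the current directory (CVE-2021-3115)`. Note also that execabs.LookPath presumably returns an error where os/exec would have returned a relative path, so any caller in this file that treats a LookPath error as "tool not installed" now silently takes that path when "." is on PATH — worth confirming against the callers outside this hunk. The import block starts before and ends after the hunk.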
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 99cd59e5b5..c97c668cc4 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -178,7 +178,7 @@ var depsRules = `
reflect !< OS;
OS
- < golang.org/x/sys/cpu, internal/goroot;
+ < golang.org/x/sys/cpu;
# FMT is OS (which includes string routines) plus reflect and fmt.
# It does not include package log, which should be avoided in core packages.
@@ -194,6 +194,12 @@ var depsRules = `
log !< FMT;
+ OS, FMT
+ < internal/execabs;
+
+ OS, internal/execabs
+ < internal/goroot;
+
# Misc packages needing only FMT.
FMT
< flag,
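Review bot: The new rules in the second hunk admit internal/execabs as a dependency of internal/goroot but carry no explanation of why a second exec package exists, so a reader of depsRules cannot tell that os/exec is meant to be avoided in favour of it. A short rule comment in the same style as the surrounding `#` lines would record the intent: `# internal/execabs wraps os/exec and refuses to run executables resolved from the current directory; prefer it over os/exec wherever commands are run.` The rules as written still permit direct os/exec imports elsewhere in the tree, so the protection rests on convention rather than on this test; whether a stricter rule is feasible depends on the rest of depsRules, which is outside the hunk.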
diff --git a/src/go/internal/gccgoimporter/gccgoinstallation.go b/src/go/internal/gccgoimporter/gccgoinstallation.go
index 8fc7ce3232..e90a3cc0b0 100644
--- a/src/go/internal/gccgoimporter/gccgoinstallation.go
+++ b/src/go/internal/gccgoimporter/gccgoinstallation.go
@@ -7,8 +7,8 @@ package gccgoimporter
import (
"bufio"
"go/types"
+ exec "internal/execabs"
"os"
- "os/exec"
"path/filepath"
"strings"
)
diff --git a/src/go/internal/srcimporter/srcimporter.go b/src/go/internal/srcimporter/srcimporter.go
index c4d501dcd9..438ae0ff2e 100644
--- a/src/go/internal/srcimporter/srcimporter.go
+++ b/src/go/internal/srcimporter/srcimporter.go
@@ -13,9 +13,9 @@ import (
"go/parser"
"go/token"
"go/types"
+ exec "internal/execabs"
"io"
"os"
- "os/exec"
"path/filepath"
"strings"
"sync"