-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
On Windows, the os/exec.{Command,CommandContext,LookPath} functions resolve command names that have neither path separators nor file extension (e.g., "git") by first looking in the current working directory before looking in the PATH environment variable. Go maintainers intended to match cmd.exe's historical behavior. However, this is pretty much never the intended behavior and as an abundance of precaution this patch prevents that when executing commands. Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`. Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`, the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker. Signed-off-by: Tibor Vass <[email protected]>
- Loading branch information
Tibor Vass
committed
Jan 26, 2021
1 parent
98fab0b
commit e05c3ce
Showing
5 changed files
with
5 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters