From ac7513e368e47320a03b0fe1bffff0894e13e5ad Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Mon, 15 Jun 2020 10:38:30 +0200 Subject: [PATCH] src/tools.rs: add setup_safe_path_env() --- src/bin/proxmox-backup-api.rs | 2 ++ src/bin/proxmox-backup-manager.rs | 2 ++ src/bin/proxmox-backup-proxy.rs | 2 ++ src/tools.rs | 8 ++++++++ 4 files changed, 14 insertions(+) diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs index 82bac386..9dde46c0 100644 --- a/src/bin/proxmox-backup-api.rs +++ b/src/bin/proxmox-backup-api.rs @@ -14,6 +14,8 @@ use proxmox_backup::config; use proxmox_backup::buildcfg; fn main() { + proxmox_backup::tools::setup_safe_path_env(); + if let Err(err) = proxmox_backup::tools::runtime::main(run()) { eprintln!("Error: {}", err); std::process::exit(-1); diff --git a/src/bin/proxmox-backup-manager.rs b/src/bin/proxmox-backup-manager.rs index e76efcaa..ae4607c2 100644 --- a/src/bin/proxmox-backup-manager.rs +++ b/src/bin/proxmox-backup-manager.rs @@ -321,6 +321,8 @@ async fn pull_datastore( fn main() { + proxmox_backup::tools::setup_safe_path_env(); + let cmd_def = CliCommandMap::new() .insert("acl", acl_commands()) .insert("datastore", datastore_commands()) diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index 1e36a8e8..75f53b9b 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -18,6 +18,8 @@ use proxmox_backup::auth_helpers::*; use proxmox_backup::tools::disks::{ DiskManage, zfs_pool_stats }; fn main() { + proxmox_backup::tools::setup_safe_path_env(); + if let Err(err) = proxmox_backup::tools::runtime::main(run()) { eprintln!("Error: {}", err); std::process::exit(-1); diff --git a/src/tools.rs b/src/tools.rs index 6c831f6c..63222468 100644 --- a/src/tools.rs +++ b/src/tools.rs @@ -622,3 +622,11 @@ pub fn epoch_now_f64() -> Result { pub fn epoch_now_u64() -> Result { Ok(epoch_now()?.as_secs()) } + +pub fn setup_safe_path_env() { + std::env::set_var("PATH", "/sbin:/bin:/usr/sbin:/usr/bin"); + // Make %ENV safer - as suggested by https://perldoc.perl.org/perlsec.html + for name in &["IFS", "CDPATH", "ENV", "BASH_ENV"] { + std::env::remove_var(name); + } +}