Guest24897/DockerCLI

Commit Graph

Author	SHA1	Message	Date
Sebastiaan van Stijn	4cf04988ae	remove uses of golang.org/x/sys/execabs the "golang.org/x/sys/execabs" package was introduced to address a security issue on Windows, and changing the default behavior of os/exec was considered a breaking change. go1.19 applied the behavior that was previously implemented in the execabs package; from the release notes: https://go.dev/doc/go1.19#os-exec-path > Command and LookPath no longer allow results from a PATH search to be found > relative to the current directory. This removes a common source of security > problems but may also break existing programs that depend on using, say, > exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) > in the current directory. See the os/exec package documentation for information > about how best to update such programs. > > On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath > environment variable, making it possible to disable the default implicit search > of “.” in PATH lookups on Windows systems. With those changes, we no longer need to use the execabs package, and we can switch back to os/exec. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2023-05-26 02:03:45 +02:00
Tibor Vass	8d199d5bba	Use golang.org/x/sys/execabs On Windows, the os/exec.{Command,CommandContext,LookPath} functions resolve command names that have neither path separators nor file extension (e.g., "git") by first looking in the current working directory before looking in the PATH environment variable. Go maintainers intended to match cmd.exe's historical behavior. However, this is pretty much never the intended behavior and as an abundance of precaution this patch prevents that when executing commands. Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`. Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`, the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker. Signed-off-by: Tibor Vass <tibor@docker.com>	2021-01-26 17:18:04 +00:00
Ian Campbell	f1f31abbe5	Add support for running a CLI plugin Also includes the scaffolding for finding a validating plugin candidates. Argument validation is moved to RunE to support this, so `noArgs` is removed. Signed-off-by: Ian Campbell <ijc@docker.com>	2019-01-30 13:44:04 +00:00

Author

SHA1

Message

Date

Sebastiaan van Stijn

4cf04988ae

remove uses of golang.org/x/sys/execabs

the "golang.org/x/sys/execabs" package was introduced to address a security
issue on Windows, and changing the default behavior of os/exec was considered
a breaking change. go1.19 applied the behavior that was previously implemented
in the execabs package;

from the release notes: https://go.dev/doc/go1.19#os-exec-path

> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe)
> in the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.

With those changes, we no longer need to use the execabs package, and we can
switch back to os/exec.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2023-05-26 02:03:45 +02:00

Tibor Vass

8d199d5bba

Use golang.org/x/sys/execabs

On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>

2021-01-26 17:18:04 +00:00

Ian Campbell

f1f31abbe5

Add support for running a CLI plugin

Also includes the  scaffolding for finding a validating plugin candidates.

Argument validation is moved to RunE to support this, so `noArgs` is removed.

Signed-off-by: Ian Campbell <ijc@docker.com>

2019-01-30 13:44:04 +00:00

3 Commits