Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,714 Commits 11 Branches 241 Tags 240 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs 
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
 2021-01-26 17:18:04 +00:00
Tycho Andersen 4cf1849418 defaultCredentialStore: make this a function 
In the next patch, we'll use this to implement some logic about which
password backend to use.

Signed-off-by: Tycho Andersen <tycho@docker.com>
 2017-09-20 11:14:27 -06:00
Daniel Nephin 33cbb70270
Cleanup config/credentials, remove dependency on config file. 
Signed-off-by: Daniel Nephin <dnephin@docker.com>
 2017-06-27 13:45:50 +02:00
Daniel Nephin 10641c2aae Update imports. 
Signed-off-by: Daniel Nephin <dnephin@docker.com>
 2017-04-17 18:07:56 -04:00
Daniel Nephin 1630fc40f8 Import docker/docker/cli 
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
 2017-04-17 17:40:59 -04:00