mirror of
https://github.com/golang/go
synced 2024-11-11 20:20:23 -07:00
all: introduce and use internal/execabs
Introduces a wrapper around os/exec, internal/execabs, for use in all commands. This wrapper prevents exec.LookPath and exec.Command from running executables in the current directory. All imports of os/exec in non-test files in cmd/ are replaced with imports of internal/execabs. This issue was reported by RyotaK. Fixes CVE-2021-3115 Fixes #43783 Change-Id: I0423451a6e27ec1e1d6f3fe929ab1ef69145c08f Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955304 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/284783 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Trust: Roland Shoemaker <roland@golang.org>
This commit is contained in:
parent
b186e4d70d
commit
953d1feca9
@ -16,10 +16,10 @@ import (
|
||||
"go/parser"
|
||||
"go/token"
|
||||
"go/types"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"runtime"
|
||||
|
@ -10,9 +10,9 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
|
@ -14,10 +14,10 @@ import (
|
||||
"go/ast"
|
||||
"go/printer"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"internal/xcoff"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"sort"
|
||||
|
@ -8,9 +8,9 @@ import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
)
|
||||
|
||||
// run runs the command argv, feeding in stdin on standard input.
|
||||
|
@ -9,9 +9,9 @@ import (
|
||||
"cmd/internal/src"
|
||||
"fmt"
|
||||
"html"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -15,9 +15,9 @@ import (
|
||||
"go/ast"
|
||||
"go/parser"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
2
src/cmd/cover/testdata/toolexec.go
vendored
2
src/cmd/cover/testdata/toolexec.go
vendored
@ -16,7 +16,7 @@ package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"os/exec"
|
||||
exec "internal/execabs"
|
||||
"strings"
|
||||
)
|
||||
|
||||
|
4
src/cmd/dist/buildtool.go
vendored
4
src/cmd/dist/buildtool.go
vendored
@ -305,8 +305,10 @@ func bootstrapFixImports(srcFile string) string {
|
||||
continue
|
||||
}
|
||||
if strings.HasPrefix(line, `import "`) || strings.HasPrefix(line, `import . "`) ||
|
||||
inBlock && (strings.HasPrefix(line, "\t\"") || strings.HasPrefix(line, "\t. \"")) {
|
||||
inBlock && (strings.HasPrefix(line, "\t\"") || strings.HasPrefix(line, "\t. \"") || strings.HasPrefix(line, "\texec \"")) {
|
||||
line = strings.Replace(line, `"cmd/`, `"bootstrap/cmd/`, -1)
|
||||
// During bootstrap, must use plain os/exec.
|
||||
line = strings.Replace(line, `exec "internal/execabs"`, `"os/exec"`, -1)
|
||||
for _, dir := range bootstrapDirs {
|
||||
if strings.HasPrefix(dir, "cmd/") {
|
||||
continue
|
||||
|
@ -7,9 +7,9 @@ package main
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -9,8 +9,8 @@ import (
|
||||
"go/ast"
|
||||
"go/parser"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"runtime"
|
||||
|
@ -10,9 +10,9 @@ import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
|
@ -9,10 +9,10 @@ import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
urlpkg "net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"runtime"
|
||||
|
@ -12,10 +12,10 @@ import (
|
||||
"fmt"
|
||||
"go/parser"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strconv"
|
||||
|
@ -10,10 +10,10 @@ import (
|
||||
"bytes"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
|
@ -8,11 +8,11 @@ import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"io/fs"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strconv"
|
||||
|
@ -9,9 +9,9 @@ package main
|
||||
import (
|
||||
"bytes"
|
||||
"flag"
|
||||
exec "internal/execabs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
"testing"
|
||||
"text/template"
|
||||
|
@ -11,10 +11,10 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"go/build"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
|
@ -8,8 +8,8 @@ package tool
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"sort"
|
||||
"strings"
|
||||
|
@ -8,13 +8,13 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"internal/lazyregexp"
|
||||
"internal/singleflight"
|
||||
"io/fs"
|
||||
"log"
|
||||
urlpkg "net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -10,9 +10,9 @@ import (
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
|
@ -9,9 +9,9 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"go/build"
|
||||
exec "internal/execabs"
|
||||
"internal/goroot"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
@ -7,8 +7,8 @@ package work
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"cmd/go/internal/base"
|
||||
|
@ -13,13 +13,13 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"internal/lazyregexp"
|
||||
"io"
|
||||
"io/fs"
|
||||
"log"
|
||||
"math/rand"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"runtime"
|
||||
|
@ -6,8 +6,8 @@ package work
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
|
2
src/cmd/go/testdata/addmod.go
vendored
2
src/cmd/go/testdata/addmod.go
vendored
@ -25,7 +25,7 @@ import (
|
||||
"io/fs"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
exec "internal/execabs"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
|
@ -6,8 +6,8 @@
|
||||
package browser
|
||||
|
||||
import (
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"runtime"
|
||||
"time"
|
||||
)
|
||||
|
@ -7,9 +7,9 @@
|
||||
package diff
|
||||
|
||||
import (
|
||||
exec "internal/execabs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"runtime"
|
||||
)
|
||||
|
||||
|
@ -12,7 +12,7 @@ import (
|
||||
"cmd/internal/objabi"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os/exec"
|
||||
exec "internal/execabs"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -10,9 +10,9 @@ import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
)
|
||||
|
||||
|
@ -7,8 +7,8 @@
|
||||
package ld
|
||||
|
||||
import (
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
)
|
||||
|
@ -49,11 +49,11 @@ import (
|
||||
"encoding/base64"
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"sort"
|
||||
|
@ -86,9 +86,9 @@ package main
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"cmd/internal/test2json"
|
||||
)
|
||||
|
@ -9,11 +9,11 @@ package main
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
exec "internal/execabs"
|
||||
"internal/trace"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"sort"
|
||||
|
@ -11,13 +11,13 @@ import (
|
||||
"go/ast"
|
||||
"go/doc"
|
||||
"go/token"
|
||||
exec "internal/execabs"
|
||||
"internal/goroot"
|
||||
"internal/goversion"
|
||||
"io"
|
||||
"io/fs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
pathpkg "path"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
@ -178,7 +178,7 @@ var depsRules = `
|
||||
reflect !< OS;
|
||||
|
||||
OS
|
||||
< golang.org/x/sys/cpu, internal/goroot;
|
||||
< golang.org/x/sys/cpu;
|
||||
|
||||
# FMT is OS (which includes string routines) plus reflect and fmt.
|
||||
# It does not include package log, which should be avoided in core packages.
|
||||
@ -194,6 +194,12 @@ var depsRules = `
|
||||
|
||||
log !< FMT;
|
||||
|
||||
OS, FMT
|
||||
< internal/execabs;
|
||||
|
||||
OS, internal/execabs
|
||||
< internal/goroot;
|
||||
|
||||
# Misc packages needing only FMT.
|
||||
FMT
|
||||
< flag,
|
||||
|
@ -7,8 +7,8 @@ package gccgoimporter
|
||||
import (
|
||||
"bufio"
|
||||
"go/types"
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
)
|
||||
|
@ -13,9 +13,9 @@ import (
|
||||
"go/parser"
|
||||
"go/token"
|
||||
"go/types"
|
||||
exec "internal/execabs"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
|
70
src/internal/execabs/execabs.go
Normal file
70
src/internal/execabs/execabs.go
Normal file
@ -0,0 +1,70 @@
|
||||
// Copyright 2021 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package execabs is a drop-in replacement for os/exec
|
||||
// that requires PATH lookups to find absolute paths.
|
||||
// That is, execabs.Command("cmd") runs the same PATH lookup
|
||||
// as exec.Command("cmd"), but if the result is a path
|
||||
// which is relative, the Run and Start methods will report
|
||||
// an error instead of running the executable.
|
||||
package execabs
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"unsafe"
|
||||
)
|
||||
|
||||
var ErrNotFound = exec.ErrNotFound
|
||||
|
||||
type (
|
||||
Cmd = exec.Cmd
|
||||
Error = exec.Error
|
||||
ExitError = exec.ExitError
|
||||
)
|
||||
|
||||
func relError(file, path string) error {
|
||||
return fmt.Errorf("%s resolves to executable relative to current directory (.%c%s)", file, filepath.Separator, path)
|
||||
}
|
||||
|
||||
func LookPath(file string) (string, error) {
|
||||
path, err := exec.LookPath(file)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if filepath.Base(file) == file && !filepath.IsAbs(path) {
|
||||
return "", relError(file, path)
|
||||
}
|
||||
return path, nil
|
||||
}
|
||||
|
||||
func fixCmd(name string, cmd *exec.Cmd) {
|
||||
if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
|
||||
// exec.Command was called with a bare binary name and
|
||||
// exec.LookPath returned a path which is not absolute.
|
||||
// Set cmd.lookPathErr and clear cmd.Path so that it
|
||||
// cannot be run.
|
||||
lookPathErr := (*error)(unsafe.Pointer(reflect.ValueOf(cmd).Elem().FieldByName("lookPathErr").Addr().Pointer()))
|
||||
if *lookPathErr == nil {
|
||||
*lookPathErr = relError(name, cmd.Path)
|
||||
}
|
||||
cmd.Path = ""
|
||||
}
|
||||
}
|
||||
|
||||
func CommandContext(ctx context.Context, name string, arg ...string) *exec.Cmd {
|
||||
cmd := exec.CommandContext(ctx, name, arg...)
|
||||
fixCmd(name, cmd)
|
||||
return cmd
|
||||
|
||||
}
|
||||
|
||||
func Command(name string, arg ...string) *exec.Cmd {
|
||||
cmd := exec.Command(name, arg...)
|
||||
fixCmd(name, cmd)
|
||||
return cmd
|
||||
}
|
104
src/internal/execabs/execabs_test.go
Normal file
104
src/internal/execabs/execabs_test.go
Normal file
@ -0,0 +1,104 @@
|
||||
// Copyright 2020 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package execabs
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"internal/testenv"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestFixCmd(t *testing.T) {
|
||||
cmd := &exec.Cmd{Path: "hello"}
|
||||
fixCmd("hello", cmd)
|
||||
if cmd.Path != "" {
|
||||
t.Error("fixCmd didn't clear cmd.Path")
|
||||
}
|
||||
expectedErr := fmt.Sprintf("hello resolves to executable relative to current directory (.%chello)", filepath.Separator)
|
||||
if err := cmd.Run(); err == nil {
|
||||
t.Fatal("Command.Run didn't fail")
|
||||
} else if err.Error() != expectedErr {
|
||||
t.Fatalf("Command.Run returned unexpected error: want %q, got %q", expectedErr, err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func TestCommand(t *testing.T) {
|
||||
testenv.MustHaveExec(t)
|
||||
|
||||
for _, cmd := range []func(string) *Cmd{
|
||||
func(s string) *Cmd { return Command(s) },
|
||||
func(s string) *Cmd { return CommandContext(context.Background(), s) },
|
||||
} {
|
||||
tmpDir := t.TempDir()
|
||||
executable := "execabs-test"
|
||||
if runtime.GOOS == "windows" {
|
||||
executable += ".exe"
|
||||
}
|
||||
if err := ioutil.WriteFile(filepath.Join(tmpDir, executable), []byte{1, 2, 3}, 0111); err != nil {
|
||||
t.Fatalf("ioutil.WriteFile failed: %s", err)
|
||||
}
|
||||
cwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
t.Fatalf("os.Getwd failed: %s", err)
|
||||
}
|
||||
defer os.Chdir(cwd)
|
||||
if err = os.Chdir(tmpDir); err != nil {
|
||||
t.Fatalf("os.Chdir failed: %s", err)
|
||||
}
|
||||
if runtime.GOOS != "windows" {
|
||||
// add "." to PATH so that exec.LookPath looks in the current directory on
|
||||
// non-windows platforms as well
|
||||
origPath := os.Getenv("PATH")
|
||||
defer os.Setenv("PATH", origPath)
|
||||
os.Setenv("PATH", fmt.Sprintf(".:%s", origPath))
|
||||
}
|
||||
expectedErr := fmt.Sprintf("execabs-test resolves to executable relative to current directory (.%c%s)", filepath.Separator, executable)
|
||||
if err = cmd("execabs-test").Run(); err == nil {
|
||||
t.Fatalf("Command.Run didn't fail when exec.LookPath returned a relative path")
|
||||
} else if err.Error() != expectedErr {
|
||||
t.Errorf("Command.Run returned unexpected error: want %q, got %q", expectedErr, err.Error())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestLookPath(t *testing.T) {
|
||||
testenv.MustHaveExec(t)
|
||||
|
||||
tmpDir := t.TempDir()
|
||||
executable := "execabs-test"
|
||||
if runtime.GOOS == "windows" {
|
||||
executable += ".exe"
|
||||
}
|
||||
if err := ioutil.WriteFile(filepath.Join(tmpDir, executable), []byte{1, 2, 3}, 0111); err != nil {
|
||||
t.Fatalf("ioutil.WriteFile failed: %s", err)
|
||||
}
|
||||
cwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
t.Fatalf("os.Getwd failed: %s", err)
|
||||
}
|
||||
defer os.Chdir(cwd)
|
||||
if err = os.Chdir(tmpDir); err != nil {
|
||||
t.Fatalf("os.Chdir failed: %s", err)
|
||||
}
|
||||
if runtime.GOOS != "windows" {
|
||||
// add "." to PATH so that exec.LookPath looks in the current directory on
|
||||
// non-windows platforms as well
|
||||
origPath := os.Getenv("PATH")
|
||||
defer os.Setenv("PATH", origPath)
|
||||
os.Setenv("PATH", fmt.Sprintf(".:%s", origPath))
|
||||
}
|
||||
expectedErr := fmt.Sprintf("execabs-test resolves to executable relative to current directory (.%c%s)", filepath.Separator, executable)
|
||||
if _, err := LookPath("execabs-test"); err == nil {
|
||||
t.Fatalf("LookPath didn't fail when finding a non-relative path")
|
||||
} else if err.Error() != expectedErr {
|
||||
t.Errorf("LookPath returned unexpected error: want %q, got %q", expectedErr, err.Error())
|
||||
}
|
||||
}
|
@ -7,8 +7,8 @@
|
||||
package goroot
|
||||
|
||||
import (
|
||||
exec "internal/execabs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
|
Loading…
Reference in New Issue
Block a user