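--- a/main.go
+++ b/main.go
@@ -36,6 +36,21 @@ import (
 )
 
 func main() {
+	// Clear XDG override variables before any path resolution or sandboxing.
+	// sshd does not set these, but an attacker with a permissive AcceptEnv or
+	// PermitUserEnvironment could inject them to redirect the database path.
+	// Unsetting them forces the xdg library to fall back to HOME-based defaults,
+	// which sshd always sets correctly from the passwd database.
+	for _, v := range []string{
+		"XDG_DATA_HOME",
+		"XDG_CONFIG_HOME",
+		"XDG_CACHE_HOME",
+		"XDG_RUNTIME_DIR",
+		"XDG_STATE_HOME",
+	} {
+		os.Unsetenv(v)
+	}
+
 	cmd := &cli.Command{
 		Name: "bulletin",
 		Usage: "a bulletin system",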
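Review bot: The unsetting happens inside `main()`, but Go runs the `init` functions of every imported package before `main`, so an xdg library that resolves its directories at import time has already read any injected value and the comment's "before any path resolution" would not hold. The import block is not visible here; if the library is github.com/adrg/xdg, which as far as I recall caches its paths in `init`, add `xdg.Reload()` directly after the loop, otherwise confirm that the library reads the environment lazily. The list also omits `XDG_DATA_DIRS` and `XDG_CONFIG_DIRS`, which the XDG base-directory spec defines as search paths, and since a denylist covers only the names it lists, the claim that `HOME` is always trustworthy should be checked against the same `PermitUserEnvironment` setting the comment worries about. The result of `os.Unsetenv(v)` is discarded; for a control the sandbox depends on I would check it and exit on error. `main`'s body continues outside the hunk.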