Commit 8f7c7875 authored by Kevin Lyda's avatar Kevin Lyda
Browse files

Protect against ssh env vars

parent 1e604f83
Loading
Loading
Loading
Loading
+15 −0
Original line number Diff line number Diff line
@@ -36,6 +36,21 @@ import (
)

func main() {
	// Clear XDG override variables before any path resolution or sandboxing.
	// sshd does not set these, but an attacker with a permissive AcceptEnv or
	// PermitUserEnvironment could inject them to redirect the database path.
	// Unsetting them forces the xdg library to fall back to HOME-based defaults,
	// which sshd always sets correctly from the passwd database.
	for _, v := range []string{
		"XDG_DATA_HOME",
		"XDG_CONFIG_HOME",
		"XDG_CACHE_HOME",
		"XDG_RUNTIME_DIR",
		"XDG_STATE_HOME",
	} {
		os.Unsetenv(v)
	}

	cmd := &cli.Command{
		Name:        "bulletin",
		Usage:       "a bulletin system",