Sanitizing of environment variables and fixed passing of vars to shell

master
xSmurf 10 years ago
parent 2b2de2fa31
commit fe2776b1ad

@ -14,6 +14,7 @@ type Config struct {
UseFullDev bool `json:"use_full_dev"` UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"` AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"` LogXpra bool `json:"log_xpra"`
EnvironmentVars []string `json:"environment_vars"`
} }
const DefaultConfigPath = "/etc/oz/oz.conf" const DefaultConfigPath = "/etc/oz/oz.conf"
@ -28,6 +29,10 @@ func NewDefaultConfig() *Config {
UseFullDev: false, UseFullDev: false,
AllowRootShell: false, AllowRootShell: false,
LogXpra: false, LogXpra: false,
EnvironmentVars: []string{
"USER", "USERNAME", "LOGNAME",
"LANG", "LANGUAGE", "_",
},
} }
} }

@ -3,6 +3,7 @@ package daemon
import ( import (
"fmt" "fmt"
"os/user" "os/user"
"strings"
"syscall" "syscall"
"github.com/subgraph/oz" "github.com/subgraph/oz"
@ -127,7 +128,8 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
return m.Respond(&ErrorMsg{err.Error()}) return m.Respond(&ErrorMsg{err.Error()})
} }
d.Debug("Would launch %s", p.Name) d.Debug("Would launch %s", p.Name)
_, err = d.launch(p, msg.Env, m.Ucred.Uid, m.Ucred.Gid, d.log) env := d.sanitizeEnvironment(p, msg.Env)
_, err = d.launch(p, env, m.Ucred.Uid, m.Ucred.Gid, d.log)
if err != nil { if err != nil {
d.Warning("launch of %s failed: %v", p.Name, err) d.Warning("launch of %s failed: %v", p.Name, err)
return m.Respond(&ErrorMsg{err.Error()}) return m.Respond(&ErrorMsg{err.Error()})
@ -135,6 +137,41 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
return m.Respond(&OkMsg{}) return m.Respond(&OkMsg{})
} }
func (d *daemonState) sanitizeEnvironment(p *oz.Profile, oldEnv []string) ([]string) {
newEnv := []string{}
for _, EnvItem := range d.config.EnvironmentVars {
for _, OldItem := range oldEnv {
if strings.HasPrefix(OldItem, EnvItem+"=") {
newEnv = append(newEnv, EnvItem+"="+strings.Replace(OldItem, EnvItem+"=", "", 1))
break
}
}
}
for _, EnvItem := range p.Environment {
if EnvItem.Value != "" {
d.log.Info("Setting environment variable: %s=%s\n", EnvItem.Name, EnvItem.Value)
newEnv = append(newEnv, EnvItem.Name+"="+EnvItem.Value)
} else {
for _, OldItem := range oldEnv {
if strings.HasPrefix(OldItem, EnvItem.Name+"=") {
NewValue := strings.Replace(OldItem, EnvItem.Name+"=", "", 1)
newEnv = append(newEnv, EnvItem.Name+"="+NewValue)
d.log.Info("Cloning environment variable: %s=%s\n", EnvItem.Name, NewValue)
break
}
}
}
}
return newEnv
}
func (d *daemonState) handleKillSandbox(msg *KillSandboxMsg, m *ipc.Message) error { func (d *daemonState) handleKillSandbox(msg *KillSandboxMsg, m *ipc.Message) error {
sbox := d.sandboxById(msg.Id) sbox := d.sandboxById(msg.Id)
if sbox == nil { if sbox == nil {

@ -319,7 +319,7 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
Gid: msg.Ucred.Gid, Gid: msg.Ucred.Gid,
} }
if rs.Term != "" { if rs.Term != "" {
cmd.Env = append(cmd.Env, "TERM="+rs.Term) cmd.Env = append(st.launchEnv, "TERM="+rs.Term)
} }
if msg.Ucred.Uid != 0 && msg.Ucred.Gid != 0 { if msg.Ucred.Uid != 0 && msg.Ucred.Gid != 0 {
if homedir, _ := st.fs.GetHomeDir(); homedir != "" { if homedir, _ := st.fs.GetHomeDir(); homedir != "" {
@ -327,9 +327,11 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
cmd.Env = append(cmd.Env, "HOME="+homedir) cmd.Env = append(cmd.Env, "HOME="+homedir)
} }
} }
/*
if st.profile.XServer.Enabled { if st.profile.XServer.Enabled {
cmd.Env = append(cmd.Env, "DISPLAY=:"+strconv.Itoa(st.display)) cmd.Env = append(cmd.Env, "DISPLAY=:"+strconv.Itoa(st.display))
} }
*/
cmd.Env = append(cmd.Env, "PATH=/usr/bin:/bin") cmd.Env = append(cmd.Env, "PATH=/usr/bin:/bin")
cmd.Env = append(cmd.Env, fmt.Sprintf("PS1=[%s] $ ", st.profile.Name)) cmd.Env = append(cmd.Env, fmt.Sprintf("PS1=[%s] $ ", st.profile.Name))
st.log.Info("Executing shell...") st.log.Info("Executing shell...")

Loading…
Cancel
Save