Use golang.org/x/sys/execabs

On Windows, the os/exec.{Command,CommandContext,LookPath} functions resolve command names that have neither path separators nor file extension (e.g., "git") by first looking in the current working directory before looking in the PATH environment variable. Go maintainers intended to match cmd.exe's historical behavior. However, this is pretty much never the intended behavior and as an abundance of precaution this patch prevents that when executing commands. Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`. Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`, the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker. Signed-off-by: Tibor Vass <tibor@docker.com>
docker · Jan 26, 2021 · 8d199d5 · 8d199d5
1 parent 7bef248
commit 8d199d5
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 5 deletions.
diff --git a/cli-plugins/manager/candidate.go b/cli-plugins/manager/candidate.go
@@ -1,7 +1,7 @@
 package manager
 
 import (
-	"os/exec"
+	exec "golang.org/x/sys/execabs"
 )
 
 // Candidate represents a possible plugin candidate, for mocking purposes

diff --git a/cli-plugins/manager/manager.go b/cli-plugins/manager/manager.go
@@ -3,7 +3,6 @@ package manager
 import (
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"sort"
 	"strings"
@@ -12,6 +11,7 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/fvbommel/sortorder"
 	"github.com/spf13/cobra"
+	exec "golang.org/x/sys/execabs"
 )
 
 // ReexecEnvvar is the name of an ennvar which is set to the command

diff --git a/cli/command/image/build/context.go b/cli/command/image/build/context.go
@@ -9,7 +9,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -24,6 +23,7 @@ import (
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/pkg/errors"
+	exec "golang.org/x/sys/execabs"
 )
 
 const (

diff --git a/cli/config/credentials/default_store.go b/cli/config/credentials/default_store.go
@@ -1,7 +1,7 @@
 package credentials
 
 import (
-	"os/exec"
+	exec "golang.org/x/sys/execabs"
 )
 
 // DetectDefaultStore return the default credentials store for the platform if

diff --git a/cli/connhelper/commandconn/commandconn.go b/cli/connhelper/commandconn/commandconn.go
@@ -20,7 +20,6 @@ import (
 	"io"
 	"net"
 	"os"
-	"os/exec"
 	"runtime"
 	"strings"
 	"sync"
@@ -29,6 +28,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	exec "golang.org/x/sys/execabs"
 )
 
 // New returns net.Conn