From e05c3ceb195b9eb8ae319a70094d4ad0b1bbda24 Mon Sep 17 00:00:00 2001
From: Tibor Vass
Date: Mon, 25 Jan 2021 19:18:54 +0000
Subject: [PATCH] Use golang.org/x/sys/execabs

On Windows, the os/exec.{Command,CommandContext,LookPath} functions resolve command names that have neither path separators nor file extension (e.g., "git") by first looking in the current working directory before looking in the PATH environment variable. Go maintainers intended to match cmd.exe's historical behavior. However, this is pretty much never the intended behavior and as an abundance of precaution this patch prevents that when executing commands. Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`. Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`, the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.
Signed-off-by: Tibor Vass
---
 cli-plugins/manager/candidate.go | 2 +-
 cli-plugins/manager/manager.go | 2 +-
 cli/command/image/build/context.go | 2 +-
 cli/config/credentials/default_store.go | 2 +-
 cli/connhelper/commandconn/commandconn.go | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cli-plugins/manager/candidate.go b/cli-plugins/manager/candidate.go
index 2000e5b142f6..752b1cb0ef8f 100644
--- a/cli-plugins/manager/candidate.go
+++ b/cli-plugins/manager/candidate.go
@@ -1,7 +1,7 @@
 package manager
 import (
- "os/exec"
+ exec "golang.org/x/sys/execabs"
 )
 // Candidate represents a possible plugin candidate, for mocking purposes
diff --git a/cli-plugins/manager/manager.go b/cli-plugins/manager/manager.go
index eaac4826221f..50f7208ea334 100644
--- a/cli-plugins/manager/manager.go
+++ b/cli-plugins/manager/manager.go
@@ -3,7 +3,6 @@ package manager
 import (
 "io/ioutil"
 "os"
- "os/exec"
 "path/filepath"
 "sort"
 "strings"
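Review bot: None of the five import sites records why the package is aliased to `golang.org/x/sys/execabs` instead of `os/exec`, so a later cleanup or an editor's auto-import can quietly revert the hardening; a one-line comment on each alias, e.g. `exec "golang.org/x/sys/execabs" // not os/exec: refuses executables resolved relative to the cwd`, makes the intent durable, and a lint rule that forbids importing os/exec in this module would enforce it. The same applies to the manager.go, context.go, default_store.go and commandconn.go hunks. The diffstat lists only these five Go files with no go.mod or vendor change, so the build presumably relies on an already-vendored golang.org/x/sys revision that contains execabs — worth confirming, since execabs appears to be a recent addition to x/sys. The call sites are outside these hunks, but execabs.LookPath and Command return an error where os/exec would have returned a cwd-relative path, so any caller that special-cases exec.ErrNotFound or reports lookup failures to the user should be checked against the new error.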
@@ -12,6 +11,7 @@ import (
 "github.com/docker/cli/cli/config"
 "github.com/fvbommel/sortorder"
 "github.com/spf13/cobra"
+ exec "golang.org/x/sys/execabs"
 )
 // ReexecEnvvar is the name of an ennvar which is set to the command
diff --git a/cli/command/image/build/context.go b/cli/command/image/build/context.go
index 24a9d525b5fb..2509f66de4a4 100644
--- a/cli/command/image/build/context.go
+++ b/cli/command/image/build/context.go
@@ -9,7 +9,6 @@ import (
 "io/ioutil"
 "net/http"
 "os"
- "os/exec"
 "path/filepath"
 "runtime"
 "strings"
@@ -24,6 +23,7 @@ import (
 "github.com/docker/docker/pkg/streamformatter"
 "github.com/docker/docker/pkg/stringid"
 "github.com/pkg/errors"
+ exec "golang.org/x/sys/execabs"
 )
 const (
diff --git a/cli/config/credentials/default_store.go b/cli/config/credentials/default_store.go
index 7a760f1a979c..402235bff025 100644
--- a/cli/config/credentials/default_store.go
+++ b/cli/config/credentials/default_store.go
@@ -1,7 +1,7 @@
 package credentials
 import (
- "os/exec"
+ exec "golang.org/x/sys/execabs"
 )
 // DetectDefaultStore return the default credentials store for the platform if
diff --git a/cli/connhelper/commandconn/commandconn.go b/cli/connhelper/commandconn/commandconn.go
index 4c5783fb3bc2..128da447b5f6 100644
--- a/cli/connhelper/commandconn/commandconn.go
+++ b/cli/connhelper/commandconn/commandconn.go
@@ -20,7 +20,6 @@ import (
 "io"
 "net"
 "os"
- "os/exec"
 "runtime"
 "strings"
 "sync"
@@ -29,6 +28,7 @@ import (
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
+ exec "golang.org/x/sys/execabs"
 )
 // New returns net.Conn