mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src/internal
History
Roland Shoemaker 953d1feca9 all: introduce and use internal/execabs 
Introduces a wrapper around os/exec, internal/execabs, for use in
all commands. This wrapper prevents exec.LookPath and exec.Command from
running executables in the current directory.

All imports of os/exec in non-test files in cmd/ are replaced with
imports of internal/execabs.

This issue was reported by RyotaK.

Fixes CVE-2021-3115
Fixes #43783

Change-Id: I0423451a6e27ec1e1d6f3fe929ab1ef69145c08f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955304
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/284783
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
 		2021-01-21 19:10:18 +00:00
..
bytealg internal/bytealg: improve mips64x equal on large size 2020-10-23 15:53:01 +00:00
cfg cmd/go: add GOVCS setting to control version control usage 2020-11-09 15:46:56 +00:00
cpu all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp 2020-12-09 19:12:23 +00:00
execabs all: introduce and use internal/execabs 2021-01-21 19:10:18 +00:00
fmtsort internal/fmtsort: sort the unsafe pointers in map 2020-11-19 02:17:10 +00:00
goroot all: introduce and use internal/execabs 2021-01-21 19:10:18 +00:00
goversion internal/goversion: update Version to 1.16 2020-08-12 15:02:24 +00:00
lazyregexp internal/lazytemplate: add a lazy template wrapper 2019-02-27 23:49:01 +00:00
lazytemplate internal/lazytemplate: add a lazy template wrapper 2019-02-27 23:49:01 +00:00
nettrace
obscuretestdata all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp 2020-12-09 19:12:23 +00:00
oserror all: remove os.ErrTimeout 2019-08-02 17:57:18 +00:00
poll all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp 2020-12-09 19:12:23 +00:00
profile all: update references to symbols moved from io/ioutil to io 2020-10-20 18:41:18 +00:00
race
reflectlite Revert "cmd/compile: split exported/non-exported methods for interface type" 2020-10-28 17:10:08 +00:00
singleflight internal/singleflight: format someErr 2019-10-25 16:31:41 +00:00
syscall syscall: remove RtlGenRandom and move it into internal/syscall 2021-01-15 18:42:27 +00:00
sysinfo testing: print cpu type as label for benchmarks 2020-10-20 21:30:18 +00:00
testenv all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp 2020-12-09 19:12:23 +00:00
testlog cmd/go, testing, os: fail test that calls os.Exit(0) 2020-08-27 23:19:15 +00:00
trace all: update to use os.ReadDir where appropriate 2020-12-09 19:12:27 +00:00
unsafeheader internal/unsafeheader: fix reference in godoc comment for type String 2020-05-01 16:14:17 +00:00
xcoff internal/xcoff: fix wrong bit masking comparisons 2020-03-09 18:07:53 +00:00