security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

sandbox: check command function pointer
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m37s
Details
Test / Fpkg (push) Successful in 3m25s
Details
Test / Data race detector (push) Successful in 3m59s
Details
Test / Flake checks (push) Successful in 55s
Details

Browse Source 
Setting default CommandContext on initialisation is somewhat of a footgun.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-03-16 23:29:14 +09:00
parent 42de09e896
commit 48feca800f
2 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
internal/sandbox/container.go
View File

@@ -118,7 +118,7 @@ func (p *Container) Start() error {
return errors.New("sandbox: starting an empty container")
}
c, cancel := context.WithCancel(p.ctx)
ctx, cancel := context.WithCancel(p.ctx)
p.cancel = cancel
var cloneFlags uintptr = syscall.CLONE_NEWIPC |
@@ -136,7 +136,13 @@ func (p *Container) Start() error {
p.Gid = OverflowGid()
}
p.cmd = p.CommandContext(c)
if p.CommandContext != nil {
p.cmd = p.CommandContext(ctx)
} else {
p.cmd = exec.CommandContext(ctx, internal.MustExecutable())
p.cmd.Args = []string{"init"}
}
p.cmd.Stdin, p.cmd.Stdout, p.cmd.Stderr = p.Stdin, p.Stdout, p.Stderr
p.cmd.Cancel, p.cmd.WaitDelay = p.Cancel, p.WaitDelay
p.cmd.Dir = "/"
@@ -225,10 +231,5 @@ func (p *Container) String() string {
func New(ctx context.Context, name string, args ...string) *Container {
return &Container{name: name, ctx: ctx,
InitParams: InitParams{Args: append([]string{name}, args...), Dir: "/", Ops: new(Ops)},
CommandContext: func(ctx context.Context) (cmd *exec.Cmd) {
cmd = exec.CommandContext(ctx, internal.MustExecutable())
cmd.Args = []string{"init"}
return
},
}
}