| Age | Commit message | Author |
|
We added internal/execabs back in January 2021 in order to fix
a security problem caused by os/exec's handling of the current
directory. Now that os/exec has that code, internal/execabs is
superfluous and can be deleted.
This commit rewrites all the imports back to os/exec and
deletes internal/execabs.
For #43724.
Change-Id: Ib9736baf978be2afd42a1225e2ab3fd5d33d19df
Reviewed-on: https://go-review.googlesource.com/c/go/+/381375
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
CL 381374 was reverted because x/sys/execabs broke.
This CL reapplies CL 381374, but adding a lookPathErr error
field back, for execabs to manipulate with reflect.
That field will just be a bit of scar tissue in this package forever,
to keep old code working with new toolchains.
CL 403256 fixes x/sys/execabs's test to be ready for the change.
Older versions of x/sys/execabs will keep working
(that is, will keep rejecting what they should reject),
but they will return a slightly different error from LookPath
without that CL, and the test fails because of the different
error text.
For #43724.
This reverts commit f2b674756b3b684118e4245627d4ed8c07e518e7.
Change-Id: Iee55f8cd9939e1bd31e5cbdada50681cdc505117
Reviewed-on: https://go-review.googlesource.com/c/go/+/403274
Auto-Submit: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
This reverts CL 381374.
Reason for revert: broke tests for x/sys/execabs.
Updates #43724.
Updates #43947.
Change-Id: I9eb3adb5728dead66dbd20f6afe1e7a77e2a26f1
Reviewed-on: https://go-review.googlesource.com/c/go/+/403058
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
|
|
Following discussion on #43724, change os/exec to take the
approach of golang.org/x/sys/execabs, refusing to respect
path entries mentioning relative paths by default.
Code that insists on being able to find executables in relative
directories in the path will need to add a couple lines to override the error.
See the updated package docs in exec.go for more details.
Fixes #43724.
Fixes #43947.
Change-Id: I73c1214f322b60b4167a23e956e933d50470fe13
Reviewed-on: https://go-review.googlesource.com/c/go/+/381374
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
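
The default refusal this commit message describes, and the "couple lines" that override it, shown as an added example that is not part of the commit or of the Go source tree. It assumes Go 1.19 or later (where `exec.ErrDot` and `Cmd.Err` exist) on a Unix-like system; `hypotool`, `lookPathAllowDot` and `plantAndResolve` are hypothetical names, and the planted file is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// lookPathAllowDot is the explicit opt-in: it clears only ErrDot and keeps
// every other lookup error intact.
func lookPathAllowDot(name string) (string, error) {
	path, err := exec.LookPath(name)
	if errors.Is(err, exec.ErrDot) {
		err = nil
	}
	return path, err
}

// plantAndResolve builds a constructed scenario: a temp directory holding an
// executable named hypotool becomes the working directory, and PATH is set
// to "." so the only possible match comes from a relative PATH entry.
func plantAndResolve() (strictBlocked, cmdBlocked, optInOK bool, err error) {
	dir, err := os.MkdirTemp("", "errdot")
	if err != nil {
		return false, false, false, err
	}
	defer os.RemoveAll(dir)
	tool := filepath.Join(dir, "hypotool")
	if err = os.WriteFile(tool, []byte("#!/bin/sh\n"), 0o755); err != nil {
		return false, false, false, err
	}
	oldWD, _ := os.Getwd()
	oldPath := os.Getenv("PATH")
	defer func() { os.Chdir(oldWD); os.Setenv("PATH", oldPath) }()
	if err = os.Chdir(dir); err != nil {
		return false, false, false, err
	}
	os.Setenv("PATH", ".")

	_, strictErr := exec.LookPath("hypotool")   // default: refused with ErrDot
	cmdErr := exec.Command("hypotool").Err      // exec.Command records the same error
	_, optInErr := lookPathAllowDot("hypotool") // caller explicitly opted in
	return errors.Is(strictErr, exec.ErrDot), errors.Is(cmdErr, exec.ErrDot), optInErr == nil, nil
}

func main() {
	fmt.Println(plantAndResolve())
}
```

Code that never intends to run binaries from the working directory needs no change: it can treat `ErrDot` like any other lookup failure and log it as a sign that `PATH` contains a relative or empty entry.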
|
|
Fixes #45532.
Change-Id: I844acd50d6fa1ce918969bbb52f79dd7412d289f
Reviewed-on: https://go-review.googlesource.com/c/go/+/309350
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
|
|
Update references missed in CL 263142.
For #41190
Change-Id: I778760a6a69bd0440fec0848bdef539c9ccb4ee1
GitHub-Last-Rev: dda42b09fff36dc08ec1cdec50cc19e3da5058e5
GitHub-Pull-Request: golang/go#42874
Reviewed-on: https://go-review.googlesource.com/c/go/+/273946
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Cherry Zhang <cherryyz@google.com>
|
|
Introduces a wrapper around os/exec, internal/execabs, for use in
all commands. This wrapper prevents exec.LookPath and exec.Command from
running executables in the current directory.
All imports of os/exec in non-test files in cmd/ are replaced with
imports of internal/execabs.
This issue was reported by RyotaK.
Fixes CVE-2021-3115
Fixes #43783
Change-Id: I0423451a6e27ec1e1d6f3fe929ab1ef69145c08f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955304
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/284783
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
|