Skip to content

Commit

Permalink
switch back from golang.org/x/sys/execabs to os/exec (go1.19)
Browse files Browse the repository at this point in the history 
This reverts commit f2a5645, which switched
from os/exec to the golang.org/x/sys/execabs package to mitigate security
issues (mainly on Windows) with lookups resolving to binaries in the current
directory.

from the go1.19 release notes https://go.dev/doc/go1.19#os-exec-path

> ## PATH lookups
>
> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in
> the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
@thaJeztah
thaJeztah committed Apr 22, 2024
1 parent 3c9576c commit 92c1f57
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions pkg/security/grantvmgroupaccess_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,11 @@ package security

import (
"os"
"os/exec"
"path/filepath"
"regexp"
"strings"
"testing"

exec "golang.org/x/sys/execabs"
)

const (
Expand Down

0 comments on commit 92c1f57

Please sign in to comment.