1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From b07a9b01cc31143436b7e4ee82cb1dd0ceacffb5 Mon Sep 17 00:00:00 2001
From: Guido Berhoerster <guido@berhoerster.name>
Date: Tue, 8 Aug 2023 14:26:56 +0200
Subject: [PATCH] Revert "Enable env to work"
This reverts commit 87e54bc6e8e628dd60793e955c4eed9dfa78cbd4.
Trying to parse a shell command via regex is impossible to get right, the
current approach fails on trivial things like wrapping a command with sudo.
This may expose possibly sensitive information to other users via /proc, ps and
the like.
---
include/class_plugin.inc | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
--- a/include/class_plugin.inc
+++ b/include/class_plugin.inc
@@ -1701,16 +1701,7 @@
// Try to open the process
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command,"Execute");
- preg_match("/^(.* )?(\/.*)$/", $command, $matches);
- $command = $matches[2];
- $env = Array();
- preg_match_all("/ ?([^=]+)=('[^']*')/", $matches[1], $tmp, PREG_SET_ORDER);
- foreach($tmp as $e) {
- $env[$e[1]] = trim($e[2], "'");
- }
-
- $process = proc_open($command, $descriptorspec, $pipes, NULL, $env);
-
+ $process = proc_open($command, $descriptorspec, $pipes);
if (is_resource($process)) {
// Write the password to stdin
|
