Fixes a security issue with -pristine and an empty prefix.

For the case of an empty prefix, the parent process' environment would get dumped into the child process' environment, even when -pristine was specified. This initializes the environment to an empty slice instead of a nil one to prevent this.
mdelagrange · Jan 22, 2018 · dde0c21 · dde0c21
1 parent d2e0641
commit dde0c21
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/runner.go b/runner.go
@@ -293,8 +293,11 @@ func (r *Runner) Run() (<-chan int, error) {
 		newEnv[k] = v
 	}
 
-	// Prepare the final environment
-	var cmdEnv []string
+	// Prepare the final environment. Note that it's CRUCIAL for us to
+	// initialize this slice to an empty one vs. a nil one, since that's
+	// how the child process class decides whether to pull in the parent's
+	// environment or not, and we control that via -pristine.
+	cmdEnv := make([]string, 0)
 	for k, v := range newEnv {
 		cmdEnv = append(cmdEnv, fmt.Sprintf("%s=%s", k, v))
 	}