switch back from golang.org/x/sys/execabs to os/exec (go1.19)

This is effectively a revert of 2ac9968401, which switched from os/exec to the golang.org/x/sys/execabs package to mitigate security issues (mainly on Windows) with lookups resolving to binaries in the current directory. from the go1.19 release notes https://go.dev/doc/go1.19#os-exec-path > ## PATH lookups > > Command and LookPath no longer allow results from a PATH search to be found > relative to the current directory. This removes a common source of security > problems but may also break existing programs that depend on using, say, > exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in > the current directory. See the os/exec package documentation for information > about how best to update such programs. > > On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath > environment variable, making it possible to disable the default implicit search > of “.” in PATH lookups on Windows systems. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-09 12:39:20 +01:00
parent 6cd0e8e405
commit 2af6db672e
36 changed files with 41 additions and 48 deletions
--- a/integration/client/client_test.go
+++ b/integration/client/client_test.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"testing"
 	"time"

@@ -30,7 +31,6 @@ import (
 	"github.com/opencontainers/image-spec/identity"
 	"github.com/stretchr/testify/require"
 	"go.opentelemetry.io/otel"
-	exec "golang.org/x/sys/execabs"

 	. "github.com/containerd/containerd/v2/client"
 	"github.com/containerd/containerd/v2/defaults"
--- a/integration/client/container_fuzzer.go
+++ b/integration/client/container_fuzzer.go
@@ -26,13 +26,13 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"os/exec"
 	"strings"
 	"time"

 	fuzz "github.com/AdaLogics/go-fuzz-headers"
 	containerd "github.com/containerd/containerd/v2/client"
 	"github.com/containerd/containerd/v2/oci"
-	exec "golang.org/x/sys/execabs"
 )

 var (
--- a/integration/client/container_linux_test.go
+++ b/integration/client/container_linux_test.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -44,7 +45,6 @@ import (

 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 )

--- a/integration/client/container_test.go
+++ b/integration/client/container_test.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"runtime"
@@ -49,7 +50,6 @@ import (
 	"github.com/containerd/typeurl/v2"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 )

 func empty() cio.Creator {
--- a/integration/client/daemon.go
+++ b/integration/client/daemon.go
@@ -21,13 +21,13 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"os/exec"
 	"runtime"
 	"sync"
 	"syscall"
 	"time"

 	. "github.com/containerd/containerd/v2/client"
-	exec "golang.org/x/sys/execabs"
 )

 type daemon struct {
--- a/integration/client/restart_monitor_test.go
+++ b/integration/client/restart_monitor_test.go
@@ -22,6 +22,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strconv"
@@ -38,7 +39,6 @@ import (
 	srvconfig "github.com/containerd/containerd/v2/services/server/config"
 	"github.com/containerd/typeurl/v2"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 )

 func newDaemonWithConfig(t *testing.T, configTOML string) (*Client, *daemon, func()) {
--- a/integration/image_load_test.go
+++ b/integration/image_load_test.go
@@ -17,13 +17,13 @@
 package integration

 import (
+	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"

 	"github.com/containerd/containerd/v2/integration/images"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )

--- a/integration/issue7496_linux_test.go
+++ b/integration/issue7496_linux_test.go
@@ -22,6 +22,7 @@ import (
 	"io"
 	"net"
 	"os"
+	"os/exec"
 	"strconv"
 	"strings"
 	"syscall"
@@ -35,7 +36,6 @@ import (
 	"github.com/containerd/ttrpc"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 )

 // TestIssue7496 is used to reproduce https://github.com/containerd/containerd/issues/7496
--- a/integration/main_test.go
+++ b/integration/main_test.go
@@ -25,6 +25,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path/filepath"
 	goruntime "runtime"
 	"strconv"
@@ -47,7 +48,6 @@ import (
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
--- a/integration/pod_userns_linux_test.go
+++ b/integration/pod_userns_linux_test.go
@@ -21,6 +21,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strings"
@@ -32,7 +33,6 @@ import (
 	runc "github.com/containerd/go-runc"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	exec "golang.org/x/sys/execabs"
 	"golang.org/x/sys/unix"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
--- a/integration/volume_copy_up_unix_test.go
+++ b/integration/volume_copy_up_unix_test.go
@@ -20,8 +20,7 @@ package integration

 import (
 	"fmt"
-
-	exec "golang.org/x/sys/execabs"
+	"os/exec"
 )

 func getOwnership(path string) (string, error) {