switch back from golang.org/x/sys/execabs to os/exec (go1.19)
This is effectively a revert of 2ac9968401, which
switched from os/exec to the golang.org/x/sys/execabs package to mitigate
security issues (mainly on Windows) with lookups resolving to binaries in the
current directory.
from the go1.19 release notes https://go.dev/doc/go1.19#os-exec-path
> ## PATH lookups
>
> Command and LookPath no longer allow results from a PATH search to be found
> relative to the current directory. This removes a common source of security
> problems but may also break existing programs that depend on using, say,
> exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in
> the current directory. See the os/exec package documentation for information
> about how best to update such programs.
>
> On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath
> environment variable, making it possible to disable the default implicit search
> of “.” in PATH lookups on Windows systems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
@@ -24,6 +24,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -35,7 +36,6 @@ import (
|
||||
"github.com/containerd/containerd/v2/snapshots/testsuite"
|
||||
"github.com/containerd/continuity/testutil/loopback"
|
||||
"github.com/containerd/plugin"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
@@ -51,7 +51,6 @@ func boltSnapshotter(t *testing.T) func(context.Context, string) (snapshots.Snap
|
||||
}
|
||||
|
||||
return func(ctx context.Context, root string) (snapshots.Snapshotter, func() error, error) {
|
||||
|
||||
loopbackSize := int64(128 << 20) // 128 MB
|
||||
// mkfs.btrfs creates a fs which has a blocksize equal to the system default pagesize. If that pagesize
|
||||
// is > 4KB, mounting the fs will fail unless we increase the size of the file used by mkfs.btrfs
|
||||
@@ -59,7 +58,6 @@ func boltSnapshotter(t *testing.T) func(context.Context, string) (snapshots.Snap
|
||||
loopbackSize = int64(650 << 20) // 650 MB
|
||||
}
|
||||
loop, err := loopback.New(loopbackSize)
|
||||
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -146,7 +144,7 @@ func TestBtrfsMounts(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
if err := os.MkdirAll(target, 0755); err != nil {
|
||||
if err := os.MkdirAll(target, 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := mount.All(mounts, target); err != nil {
|
||||
@@ -155,13 +153,13 @@ func TestBtrfsMounts(t *testing.T) {
|
||||
defer testutil.Unmount(t, target)
|
||||
|
||||
// write in some data
|
||||
if err := os.WriteFile(filepath.Join(target, "foo"), []byte("content"), 0777); err != nil {
|
||||
if err := os.WriteFile(filepath.Join(target, "foo"), []byte("content"), 0o777); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// TODO(stevvooe): We don't really make this with the driver, but that
|
||||
// might prove annoying in practice.
|
||||
if err := os.MkdirAll(filepath.Join(root, "snapshots"), 0755); err != nil {
|
||||
if err := os.MkdirAll(filepath.Join(root, "snapshots"), 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@@ -175,7 +173,7 @@ func TestBtrfsMounts(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if err := os.MkdirAll(target, 0755); err != nil {
|
||||
if err := os.MkdirAll(target, 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
@@ -192,7 +190,7 @@ func TestBtrfsMounts(t *testing.T) {
|
||||
t.Fatalf("wrong content in foo want: content, got: %s", bs)
|
||||
}
|
||||
|
||||
if err := os.WriteFile(filepath.Join(target, "bar"), []byte("content"), 0777); err != nil {
|
||||
if err := os.WriteFile(filepath.Join(target, "bar"), []byte("content"), 0o777); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
|
||||
package blkdiscard
|
||||
|
||||
import exec "golang.org/x/sys/execabs"
|
||||
import "os/exec"
|
||||
|
||||
// Version returns the output of "blkdiscard --version"
|
||||
func Version() (string, error) {
|
||||
|
||||
@@ -25,11 +25,11 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
blkdiscard "github.com/containerd/containerd/v2/snapshots/devmapper/blkdiscard"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"time"
|
||||
@@ -32,7 +33,6 @@ import (
|
||||
"github.com/containerd/log"
|
||||
"github.com/docker/go-units"
|
||||
"github.com/stretchr/testify/assert"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
)
|
||||
|
||||
const (
|
||||
|
||||
@@ -23,6 +23,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
@@ -33,7 +34,6 @@ import (
|
||||
"github.com/containerd/containerd/v2/snapshots/devmapper/dmsetup"
|
||||
"github.com/containerd/containerd/v2/snapshots/storage"
|
||||
"github.com/containerd/log"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
)
|
||||
|
||||
type fsType string
|
||||
|
||||
@@ -19,11 +19,11 @@
|
||||
package overlayutils
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
"testing"
|
||||
|
||||
"github.com/containerd/containerd/v2/pkg/testutil"
|
||||
"github.com/containerd/continuity/testutil/loopback"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
)
|
||||
|
||||
func testOverlaySupported(t testing.TB, expected bool, mkfs ...string) {
|
||||
|
||||
Reference in New Issue
Block a user