proxmox-mirrors/proxmox-acme
1
0
Fork 0
mirror of https://git.proxmox.com/git/proxmox-acme synced 2025-10-31 07:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

dns plugin: reset environment

Browse Source 
in addition to switching to nobody:nogroup, to reduce things exposed to
the dnsapi plugins

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2020-04-17 14:42:24 +02:00
parent bd6d81d468
commit f0ed07330c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/PVE/ACME/DNSChallenge.pm
View File

@ -160,7 +160,7 @@ my $proxmox_acme_command = sub {
# for security reasons, we execute the command as nobody
# we can't verify that the code of the DNSPlugins are harmless.
my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--"];
my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--reset-env", "--"];
# The order of the parameters passed to proxmox-acme is important
# proxmox-acme <setup|teardown> $plugin <$domain|$alias> $txtvalue [$plugin_conf_string]