fix(exec): harden safe-bin trust and add explicit trusted dirs

Peter Steinberger
2026-02-22 22:42:29 +01:00
parent 08fb38f729
commit 64b273a71c
18 changed files with 123 additions and 55 deletions


@@ -227,6 +227,8 @@ export type ExecToolConfig = {
pathPrepend?: string[];
/** Safe stdin-only binaries that can run without allowlist entries. */
safeBins?: string[];
/** Extra explicit directories trusted for safeBins path checks (never derived from PATH). */
safeBinTrustedDirs?: string[];
/** Optional custom safe-bin profiles for entries in tools.exec.safeBins. */
safeBinProfiles?: Record<string, SafeBinProfileFixture>;
/** Default time (ms) before an exec command auto-backgrounds. */
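Review bot: The doc comment on `safeBinTrustedDirs` does not say what form an entry must take, even though this field widens the set of directories a safe bin may be resolved from. I would spell the contract out, for example `/** Extra explicit directories trusted for safeBins path checks (never derived from PATH). Use absolute paths to directories that untrusted users cannot write to. */`. Whether relative, symlinked or non-existent entries are rejected or normalised is not visible here, so the wording should be checked against the code that consumes the list. `ExecToolConfig` begins and ends outside this hunk.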