github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 10:51:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden shell env fallback startup env handling

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 16:06:11 +01:00
parent ab1840b881
commit 9363c320d8
5 changed files with 110 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/infra/shell-env.ts
View File

@@ -1,7 +1,9 @@
import { execFileSync } from "node:child_process";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { isTruthyEnvValue } from "./env.js";
import { sanitizeHostExecEnv } from "./host-env-security.js";
const DEFAULT_TIMEOUT_MS = 15_000;
const DEFAULT_MAX_BUFFER_BYTES = 2 * 1024 * 1024;
@@ -17,6 +19,22 @@ let lastAppliedKeys: string[] = [];
let cachedShellPath: string | null | undefined;
let cachedEtcShells: Set<string> | null | undefined;
function resolveShellExecEnv(env: NodeJS.ProcessEnv): NodeJS.ProcessEnv {
const execEnv = sanitizeHostExecEnv({ baseEnv: env });
// Startup-file resolution must stay pinned to the real user home.
const home = os.homedir().trim();
if (home) {
execEnv.HOME = home;
} else {
delete execEnv.HOME;
}
// Avoid zsh startup-file redirection via env poisoning.
delete execEnv.ZDOTDIR;
return execEnv;
}
function resolveTimeoutMs(timeoutMs: number | undefined): number {
if (typeof timeoutMs !== "number" || !Number.isFinite(timeoutMs)) {
return DEFAULT_TIMEOUT_MS;
@@ -145,10 +163,11 @@ export function loadShellEnvFallback(opts: ShellEnvFallbackOptions): ShellEnvFal
const timeoutMs = resolveTimeoutMs(opts.timeoutMs);
const shell = resolveShell(opts.env);
const execEnv = resolveShellExecEnv(opts.env);
let stdout: Buffer;
try {
stdout = execLoginShellEnvZero({ shell, env: opts.env, exec, timeoutMs });
stdout = execLoginShellEnvZero({ shell, env: execEnv, exec, timeoutMs });
} catch (err) {
const msg = err instanceof Error ? err.message : String(err);
logger.warn(`[openclaw] shell env fallback failed: ${msg}`);
@@ -213,10 +232,11 @@ export function getShellPathFromLoginShell(opts: {
const exec = opts.exec ?? execFileSync;
const timeoutMs = resolveTimeoutMs(opts.timeoutMs);
const shell = resolveShell(opts.env);
const execEnv = resolveShellExecEnv(opts.env);
let stdout: Buffer;
try {
stdout = execLoginShellEnvZero({ shell, env: opts.env, exec, timeoutMs });
stdout = execLoginShellEnvZero({ shell, env: execEnv, exec, timeoutMs });
} catch {
cachedShellPath = null;
return cachedShellPath;