github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 10:17:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block HOME and ZDOTDIR env override injection

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 09:41:55 +01:00
parent ccc00d874c
commit c2c7114ed3
6 changed files with 55 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/infra/host-env-security-policy.json
View File

@@ -15,5 +15,6 @@
"IFS",
"SSLKEYLOGFILE"
],
"blockedOverrideKeys": ["HOME", "ZDOTDIR"],
"blockedPrefixes": ["DYLD_", "LD_", "BASH_FUNC_"]
}