fix(exec): block dangerous override-only env pivots

Peter Steinberger
2026-03-07 19:17:59 +00:00
parent 6aa80844b8
commit e27bbe4982
8 changed files with 155 additions and 5 deletions


@@ -27,7 +27,35 @@ enum HostEnvSecurityPolicy {
static let blockedOverrideKeys: Set<String> = [
"HOME",
"ZDOTDIR"
"ZDOTDIR",
"GIT_SSH_COMMAND",
"GIT_SSH",
"GIT_PROXY_COMMAND",
"GIT_ASKPASS",
"SSH_ASKPASS",
"LESSOPEN",
"LESSCLOSE",
"PAGER",
"MANPAGER",
"GIT_PAGER",
"EDITOR",
"VISUAL",
"FCEDIT",
"SUDO_EDITOR",
"PROMPT_COMMAND",
"HISTFILE",
"PERL5DB",
"PERL5DBCMD",
"OPENSSL_CONF",
"OPENSSL_ENGINES",
"PYTHONSTARTUP",
"WGETRC",
"CURL_HOME"
]
static let blockedOverridePrefixes: [String] = [
"GIT_CONFIG_",
"NPM_CONFIG_"
]
static let blockedPrefixes: [String] = [