tailscale/ssh/tailssh
Patrick O'Doherty 651049ec19
ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914)
Block dynamic linker environment variables (LD_PRELOAD, LD_LIBRARY_PATH,
DYLD_INSERT_LIBRARIES, and friends) from being forwarded regardless of
acceptEnv policy, preventing privilege escalation via wildcard patterns
like "*".

We are not aware of any legitimate use of these variables so they are
safe to exclude from being passed.

Thanks to Tim Sageser (dtrsecurity) for this report.

Updates tailscale/corp#42033

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2026-06-01 09:19:27 -07:00
testcontainers ssh/tailssh: speed up SSH integration tests 2026-04-13 14:18:27 -07:00
accept_env_test.go ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914) 2026-06-01 09:19:27 -07:00
accept_env.go ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914) 2026-06-01 09:19:27 -07:00
auditd_linux_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
auditd_linux.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
c2n.go ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature 2026-03-10 17:27:17 -07:00
hostkeys_test.go ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature 2026-03-10 17:27:17 -07:00
hostkeys.go ssh: replace tempfork with tailscale/gliderssh 2026-04-07 11:59:38 +01:00
incubator_linux.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
incubator_plan9.go ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers 2026-04-30 11:14:06 -07:00
incubator.go ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers 2026-04-30 11:14:06 -07:00
listen.go tsnet: add opt-in SSH support (Server.ListenSSH) 2026-05-30 14:17:50 -07:00
privs_test.go tstest: add RequireRoot helper 2026-04-10 10:48:50 -07:00
session.go tsnet: add opt-in SSH support (Server.ListenSSH) 2026-05-30 14:17:50 -07:00
tailssh_integration_test.go ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers 2026-04-30 11:14:06 -07:00
tailssh_test.go ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers 2026-04-30 11:14:06 -07:00
tailssh.go ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers 2026-04-30 11:14:06 -07:00
user.go ssh/tailssh: fix default PATH for Debian 2026-04-09 11:57:40 -04:00