mirror/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-03 05:25:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
7f3bbc98657182da74fa497d63efc5bbd68b0a0f
tailscale/ssh/tailssh
History
Patrick O'Doherty 651049ec19 ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914) 
Block dynamic linker environment variables (LD_PRELOAD, LD_LIBRARY_PATH,
DYLD_INSERT_LIBRARIES, and friends) from being forwarded regardless of
acceptEnv policy, preventing privilege escalation via wildcard patterns
like "*".

We are not aware of any legitimate use of these variables so they are
safe to exclude from being passed.

Thanks to Tim Sageser (dtrsecurity) for this report.

Updates tailscale/corp#42033

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2026-06-01 09:19:27 -07:00
..
testcontainers
ssh/tailssh: speed up SSH integration tests
2026-04-13 14:18:27 -07:00
accept_env_test.go
ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914)
2026-06-01 09:19:27 -07:00
accept_env.go
ssh/tailssh: reject dangerous LD_/DYLD_ env vars in acceptEnv filtering (#19914)
2026-06-01 09:19:27 -07:00
auditd_linux_test.go
all: remove AUTHORS file and references to it
2026-01-23 15:49:45 -08:00
auditd_linux.go
all: remove AUTHORS file and references to it
2026-01-23 15:49:45 -08:00
c2n.go
ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature
2026-03-10 17:27:17 -07:00
hostkeys_test.go
ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature
2026-03-10 17:27:17 -07:00
hostkeys.go
ssh: replace tempfork with tailscale/gliderssh
2026-04-07 11:59:38 +01:00
incubator_linux.go
all: remove AUTHORS file and references to it
2026-01-23 15:49:45 -08:00
incubator_plan9.go
ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers
2026-04-30 11:14:06 -07:00
incubator.go
ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers
2026-04-30 11:14:06 -07:00
listen.go
tsnet: add opt-in SSH support (Server.ListenSSH)
2026-05-30 14:17:50 -07:00
privs_test.go
tstest: add RequireRoot helper
2026-04-10 10:48:50 -07:00
session.go
tsnet: add opt-in SSH support (Server.ListenSSH)
2026-05-30 14:17:50 -07:00
tailssh_integration_test.go
ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers
2026-04-30 11:14:06 -07:00
tailssh_test.go
ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers
2026-04-30 11:14:06 -07:00
tailssh.go
ipn/ipnlocal, all: split LocalBackend.NetMap into NetMapNoPeers / NetMapWithPeers
2026-04-30 11:14:06 -07:00
user.go
ssh/tailssh: fix default PATH for Debian
2026-04-09 11:57:40 -04:00