PVF worker: Prevent access to env vars (#7330)

Marcin S
2023-08-21 15:18:31 +02:00
committed by GitHub
parent 9be0b8a31e
commit f22bc2428f
2 changed files with 17 additions and 0 deletions
@@ -128,6 +128,16 @@ pub fn worker_event_loop<F, Fut>(
}
}
// Delete all env vars to prevent malicious code from accessing them.
for (key, _) in std::env::vars() {
// TODO: *theoretically* the value (or mere presence) of `RUST_LOG` can be a source of
// randomness for malicious code. In the future we can remove it also and log in the host;
// see <https://github.com/paritytech/polkadot/issues/7117>.
if key != "RUST_LOG" {
std::env::remove_var(key);
}
}
// Run the main worker loop.
let rt = Runtime::new().expect("Creates tokio runtime. If this panics the worker will die and the host will detect that and deal with it.");
let err = rt
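Review bot: `std::env::vars()` in the added loop panics if any inherited variable name or value is not valid Unicode, so one non-UTF-8 entry would kill the worker before the scrub completes; iterate with `for (key, _) in std::env::vars_os()` instead, where the `key != "RUST_LOG"` comparison still compiles against `OsString`. Removing variables here only drops them from the process's environment table, and on Linux the original strings may still sit in the initial stack region, so if the aim is that untrusted code in the worker cannot recover them, the host should probably also spawn the worker with `Command::env_clear()` and pass through only what is needed; the spawn site is not visible in this hunk. Running the loop before `Runtime::new()` is the right order, because `remove_var` is not safe while other threads may be reading the environment, and a short comment such as `// Must run before any threads are spawned.` would keep it from being moved later. The body of `worker_event_loop` starts and ends outside the hunk.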