PVF worker: Prevent access to env vars (#7330)

Marcin S
2023-08-21 15:18:31 +02:00
committed by GitHub
parent 9be0b8a31e
commit f22bc2428f
2 changed files with 17 additions and 0 deletions
@@ -125,3 +125,10 @@ A basic security mechanism is to make sure that any thread directly interfacing
with untrusted code does not have access to the file-system. This provides some
protection against attackers accessing sensitive data or modifying data on the
host machine.
### Clearing env vars
We clear environment variables before handling untrusted code, because why give
attackers potentially sensitive data unnecessarily? And even if everything else
is locked down, env vars can potentially provide a source of randomness (see
point 1, "Consensus faults" above).
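Review bot: the new "Clearing env vars" section does not say at which point in the worker lifecycle the variables are cleared, which is the property a reader of this security section needs to verify (the surrounding text makes the same kind of ordering claim for the file-system restriction: "any thread directly interfacing with untrusted code does not have access"). Suggest stating it explicitly, e.g. "Environment variables are cleared at worker startup, before any untrusted code is executed in the process", and replacing the rhetorical "because why give attackers potentially sensitive data unnecessarily?" with the concrete risk it alludes to, e.g. "environment variables may carry sensitive data such as paths, tokens or keys inherited from the parent process". The randomness remark is a good addition; since it cross-references "point 1, "Consensus faults" above", keep that heading text in sync if the earlier section is ever renamed.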