Sanitize environment before starting backend processes (rclone, ssh)

The restic security model includes full trust of the local machine, so this should not fix any actual security problems, but it's better to be safe than sorry. Fixes #2192.
2025-11-15 19:23:18 +00:00 · 2020-10-03 13:27:23 +02:00
parent 4875f7b659
commit 11fbaaae9a
5 changed files with 67 additions and 12 deletions
--- a/internal/backend/foreground_test.go
+++ b/internal/backend/foreground_test.go
@@ -0,0 +1,38 @@
+// +build !windows
+
+package backend_test
+
+import (
+	"bufio"
+	"os"
+	"os/exec"
+	"strings"
+	"testing"
+
+	"github.com/restic/restic/internal/backend"
+	rtest "github.com/restic/restic/internal/test"
+)
+
+func TestForeground(t *testing.T) {
+	err := os.Setenv("RESTIC_PASSWORD", "supersecret")
+	rtest.OK(t, err)
+
+	cmd := exec.Command("env")
+	stdout, err := cmd.StdoutPipe()
+	rtest.OK(t, err)
+
+	bg, err := backend.StartForeground(cmd)
+	rtest.OK(t, err)
+	defer cmd.Wait()
+
+	err = bg()
+	rtest.OK(t, err)
+
+	sc := bufio.NewScanner(stdout)
+	for sc.Scan() {
+		if strings.HasPrefix(sc.Text(), "RESTIC_PASSWORD=") {
+			t.Error("subprocess got to see the password")
+		}
+	}
+	rtest.OK(t, err)
+}