hysteria

ii wrapper script
git clone git://git.2f30.org/hysteria

commit d95c6125eef60ed5a3bb24db1d77bc140330ee85
parent dd66b78a8a2760cdbb19e6f7c93b35bb3f1ec194
Author: guysv <sviryguy@gmail.com>
Date:   Sat, 14 Dec 2019 23:16:55 +0200

pass args as env-vars to new windows

before this commit, a specially crafted user/channel could
escape the `tmux new-window` command, and inject commands
on their own. fortunately, ii normalizes file names and
escapes dangerous characters, so no real harm can be done.
this is now mitigated at our scope.
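
The difference between the two quoting patterns, as an added example that is not part of this commit or of hysteria: `sh -c` stands in for the shell that tmux starts for a window command, and the function names, the `VALUE` variable and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not hysteria code. `sh -c` plays the role of the shell
# that runs a tmux window command.

# Old pattern: the value is pasted into the command text between single
# quotes, so a single quote inside the value ends the quoting early.
run_interpolated() {
    sh -c "printf '%s\n' '$1'"
}

# New pattern: the command text is a fixed single-quoted string and the value
# travels in the environment, so the inner shell only ever expands it as data.
run_env() {
    VALUE=$1 sh -c 'printf "%s\n" "$VALUE"'
}

# Constructed sample value containing single quotes (harmless echo only).
crafted="x'; echo INJECTED; : '"

echo "interpolated into the command string:"
run_interpolated "$crafted"
echo "passed through the environment:"
run_env "$crafted"
```

With the first function the inner shell runs the extra `echo`; with the second it prints the value back unchanged.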

Diffstat:
M hysteria-monitor | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hysteria-monitor b/hysteria-monitor @@ -42,9 +42,10 @@ while :; do if test x"${inputcmd}" = x""; then inputcmd='cat >> "$INFILE"' fi - tmux new-window "tail -f '$OUTFILE' | hysteria-highlight -n '($nick)' -w '($nick)'" - tmux split-window -v -p 1 "tmux resize-pane -y 2; \ - CHAN='$CHAN' INFILE='$INFILE' OUTFILE='$OUTFILE' eval '$inputcmd'" + # arguments are passed as environment variables to mitigate possible shell injections + tmux new-window -e "OUTFILE=$OUTFILE" -e "nick=$nick" 'tail -f "$OUTFILE" | hysteria-highlight -n "($nick)" -w "($nick)"' + tmux split-window -v -p 1 -e "CHAN=$CHAN" -e "INFILE=$INFILE" -e "OUTFILE=$OUTFILE" -e "inputcmd=$inputcmd" \ + 'tmux resize-pane -y 2; CHAN="$CHAN" INFILE="$INFILE" OUTFILE="$OUTFILE" eval "$inputcmd"' tmux rename-window "$title" fi done
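
Review bot: in the new `tmux split-window` command, `eval "$inputcmd"` still executes whatever `inputcmd` holds, so the `-e` change protects only `CHAN`, `INFILE` and `OUTFILE`; the added comment should say that `inputcmd` is trusted local configuration and must never be built from nick or channel data. The `CHAN="$CHAN" INFILE="$INFILE" OUTFILE="$OUTFILE"` prefix in front of `eval` now looks redundant, since `-e` already places those variables in the pane's environment, and could be dropped. Both commands also now depend on tmux accepting `-e` on `new-window` and `split-window`, which is worth stating in the README as a minimum-version requirement.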