Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-16239

External builders should run in controlled environment

    XMLWordPrintable

    Details

      Description

      By default, when a process is started, it inherits the environment of its caller. In the context of external chaincode, the environment of the peer is propagated to the builder. Given most users of the peer rely on environment variables to influence the configuration, it's quite likely that sensitive information is accessible in the environment.

      In order to reduce the likelihood of information leaks via the environment, the external build configuration element in the peer should be extended to support and environment variable name whitelist. Any environment keys in that list will be propagated to the external builder.

      The default list should contain PATH, LIBPATH, and TMPDIR. It's likely that environment variables like http_proxy/HTTP_PROXY will be added by users.

        Attachments

          Activity

            People

            Assignee:
            btl5037 Brett Logan
            Reporter:
            sykesm Matthew Sykes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration