From 469a9bcca8b64df89a6e1246cc07bb41f43603ba Mon Sep 17 00:00:00 2001
From: xenago
Date: Sat, 18 Mar 2023 22:10:21 -0400
Subject: [PATCH] update readme, bump: libc to 0.2.140, paste to 1.0.12, serde_json to 1.0.94, serde to 1.0.157
---
 Cargo.lock | 34 +++++++++++++++++-----------------
 Cargo.toml | 8 ++++----
 README.md | 9 +++++----
 changelog/CHANGELOG.txt | 9 +++++----
 4 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 7c63f53..0d1ed57 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -16,9 +16,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.137" +version = "0.2.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc7fcc620a3bff7cdd7a365be3376c97191aeaccc2a603e600951e452615bf89" +checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c" [[package]] name = "libnss"
@@ -38,7 +38,7 @@ dependencies = [ "lazy_static", "libc", "libnss", - "paste 1.0.9", + "paste 1.0.12", "serde", "serde_json", "shlex",
@@ -56,9 +56,9 @@ dependencies = [ [[package]] name = "paste" -version = "1.0.9" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1de2e551fb905ac83f73f7aedf2f0cb4a0da7e35efa24a202a936269f1f18e1" +checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79" [[package]] name = "paste-impl"
@@ -77,18 +77,18 @@ checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" [[package]] name = "proc-macro2" -version = "1.0.39" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c54b25569025b7fc9651de43004ae593a75ad88543b17178aa5e1b9c4f15f56f" +checksum = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.18" +version = "1.0.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1feb54ed693b93a84e14094943b84b7c4eae204c512b7ccb95ab0c66d278ad1" +checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" dependencies = [ "proc-macro2", ]
@@ -101,18 +101,18 @@ checksum = "f3f6f92acf49d1b98f7a81226834412ada05458b7364277387724a237f062695" [[package]] name = "serde" -version = "1.0.147" +version = "1.0.157" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d193d69bae983fc11a79df82342761dfbf28a99fc8d203dca4c3c1b590948965" +checksum = "707de5fcf5df2b5788fca98dd7eab490bc2fd9b7ef1404defc462833b83f25ca" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.147" +version = "1.0.157" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f1d362ca8fc9c3e3a7484440752472d68a6caa98f1ab81d99b5dfe517cec852" +checksum = "78997f4555c22a7971214540c4a661291970619afd56de19f77e0de86296e1e5" dependencies = [ "proc-macro2", "quote",
@@ -121,9 +121,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.87" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce777b7b150d76b9cf60d28b55f5847135a003f7d7350c6be7a773508ce7d45" +checksum = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea" dependencies = [ "itoa", "ryu",
@@ -138,9 +138,9 @@ checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] name = "syn" -version = "1.0.95" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbaf6116ab8924f39d52792136fb74fd60a80194cf1b1c6ffa6453eef1c3f942" +checksum = "59d3276aee1fa0c33612917969b5172b5be2db051232a6e4826f1a1a9191b045" dependencies = [ "proc-macro2", "quote",
diff --git a/Cargo.toml b/Cargo.toml
index ebe5e30..2c60f40 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,11 +16,11 @@ codegen-units = 1 # use a single thread
 
 [dependencies]
 lazy_static = "1.4.0"
-libc = "0.2.137"
+libc = "0.2.140"
 libnss = "0.4"
-paste = "1.0.9"
-serde_json = "1.0.87"
-serde = { version = "1.0.147", features = ["derive"] }
+paste = "1.0.12"
+serde_json = "1.0.94"
+serde = { version = "1.0.157", features = ["derive"] }
 shlex = "1.1.0"
 
 [lib]
diff --git a/README.md b/README.md
index 6fc8f21..b43e5d8 100755
--- a/README.md
+++ b/README.md
@@ -321,10 +321,11 @@ This NSS plugin runs commands defined in the file `/etc/libnss_shim/config.json` default. Ensure that this file, the commands defined inside it, and any other related resources remain inaccessible to other users, or the system may be vulnerable to privilege escalation attacks. -Commands are not passed through a shell for execution. Although it is certainly possible to run software like `bash` -with `libnss_shim`, using a shell is not recommended as this comes at the risk of command injection. If a shell is used -despite this, then codes used to pass data (like `<$name>`) are recommended to be set using environment variables rather -than arguments. +It is recommended to pass data (like `<$name>`) using environment variables rather than arguments, except for +testing purposes. Environment variables are generally private, whereas commands/launch args are not. + +Commands are not passed through a shell for execution. Although it is possible to run software like `bash` +with `libnss_shim`, using a shell is not recommended as this comes with additional risks such as command injection. ## Useful resources
diff --git a/changelog/CHANGELOG.txt b/changelog/CHANGELOG.txt
index 8fba9fc..88977d4 100644
--- a/changelog/CHANGELOG.txt
+++ b/changelog/CHANGELOG.txt
@@ -1,4 +1,5 @@
-- Update README (clarify usage of codes
-- Update libc crate to 0.2.137
-- Update serde_json crate to 1.0.87
-- Update serde crate to 1.0.147
\ No newline at end of file
+- Update README (clarify usage of codes)
+- Update libc crate to 0.2.140
+- Update paste crate to 1.0.12
+- Update serde_json crate to 1.0.94
+- Update serde crate to 1.0.157
\ No newline at end of file