From 7a4aca42ad9c512abd2b131ec0cae4c330deeacb Mon Sep 17 00:00:00 2001
From: Profpatsch <mail@profpatsch.de>
Date: Tue, 9 Feb 2021 20:55:35 +0100
Subject: fix(users/Profpatsch/arglib): remove env var after read

arglib should remove its arguments after reading it, to prevent them
from leaking to any child processes.

Change-Id: Ifc107b1620b8e407bad6b3d0ad7f4728856ec2ba
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2501
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
---
 users/Profpatsch/arglib/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'users/Profpatsch/arglib')

diff --git a/users/Profpatsch/arglib/default.nix b/users/Profpatsch/arglib/default.nix
index 4da2e196db..b263654ac3 100644
--- a/users/Profpatsch/arglib/default.nix
+++ b/users/Profpatsch/arglib/default.nix
@@ -20,7 +20,7 @@ let
               None => std::ffi::OsStr::from_bytes("ARGLIB_NETENCODE".as_bytes()),
               Some(a) => a
           };
-          match std::env::var_os(env) {
+          let t = match std::env::var_os(env) {
               None => exec_helpers::die_user_error(prog_name, format!("could not read args, envvar {} not set", env.to_string_lossy())),
               // TODO: good error handling for the different parser errors
               Some(soup) => match netencode::parse::t_t(soup.as_bytes()) {
@@ -30,7 +30,9 @@ let
                   },
                   Err(err) => exec_helpers::die_environment_problem(prog_name, format!("arglib parsing error: {:?}", err))
               }
-          }
+          };
+          std::env::remove_var(env);
+          t
       }
     '';
   };
-- 
cgit 1.4.1