From 1deebf1138ffb4d69893f52d94ceab2d4a68dcdf Mon Sep 17 00:00:00 2001
From: Donald Buczek <buczek@molgen.mpg.de>
Date: Wed, 29 Jan 2025 15:33:59 +0100
Subject: [PATCH] clusterd: Accept commands only from trusted hosts

---
 clusterd/clusterd | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/clusterd/clusterd b/clusterd/clusterd
index 3f09b06..b4cbdb1 100755
--- a/clusterd/clusterd
+++ b/clusterd/clusterd
@@ -954,6 +954,12 @@ sub clp_rx_LSOF {
 
 sub clp_rx_CMD {
     my ($socket,@cmd)=@_;
+
+    unless (is_trusted_ip($socket->peerhost())) {
+        warn "reveived command from untrusted host ". $socket->peerhost(). "\n";
+        return;
+    }
+
     my $pid=fork;
     unless (defined $pid) {
         warn"$!\n";