clusterd: Accept commands only from trusted hosts

mariux64 · Jan 29, 2025 · 66c314e · 66c314e
1 parent 6a7bf6f
commit 66c314e
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/clusterd/clusterd b/clusterd/clusterd
@@ -524,6 +524,7 @@ package main;
 use warnings;
 use strict;
 use IO::File;
+use IO::Pipe;
 use Sys::Syslog;
 use IO::Socket::INET;
 use Data::Dumper;
@@ -953,6 +954,12 @@ sub clp_rx_LSOF {
 
 sub clp_rx_CMD {
     my ($socket,@cmd)=@_;
+
+    unless (is_trusted_ip($socket->peerhost())) {
+        warn "reveived command from untrusted host ". $socket->peerhost(). "\n";
+        return;
+    }
+
     my $pid=fork;
     unless (defined $pid) {
         warn"$!\n";