From 66c314e38ff3718f2a923ff0606d8040dcdcb125 Mon Sep 17 00:00:00 2001
From: Donald Buczek <buczek@molgen.mpg.de>
Date: Wed, 29 Jan 2025 15:33:59 +0100
Subject: [PATCH] clusterd: Accept commands only from trusted hosts

---
 clusterd/clusterd | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/clusterd/clusterd b/clusterd/clusterd
index 2988e48..943e17b 100755
--- a/clusterd/clusterd
+++ b/clusterd/clusterd
@@ -524,6 +524,7 @@ package main;
 use warnings;
 use strict;
 use IO::File;
+use IO::Pipe;
 use Sys::Syslog;
 use IO::Socket::INET;
 use Data::Dumper;
@@ -953,6 +954,12 @@ sub clp_rx_LSOF {
 
 sub clp_rx_CMD {
     my ($socket,@cmd)=@_;
+
+    unless (is_trusted_ip($socket->peerhost())) {
+        warn "reveived command from untrusted host ". $socket->peerhost(). "\n";
+        return;
+    }
+
     my $pid=fork;
     unless (defined $pid) {
         warn"$!\n";