[Security] Environment variable blocklist incomplete — missing GLIBC_TUNABLES, JAVA_TOOL_OPTIONS, etc. #22681
Closed
Labels: security (Security documentation), stale (Marked as stale due to inactivity)
Description
Summary
The host-env-security-policy.json blocks some dangerous environment variables, but is missing several that can be used for code injection or behavior modification.
Current State
src/infra/host-env-security-policy.json:

```json
{
  "blockedKeys": [
    "NODE_OPTIONS",
    "NODE_PATH",
    "PYTHONHOME",
    "PYTHONPATH",
    "PERL5LIB",
    "PERL5OPT",
    "RUBYLIB",
    "RUBYOPT",
    "BASH_ENV",
    "ENV",
    "GCONV_PATH",
    "IFS",
    "SSLKEYLOGFILE"
  ],
  "blockedPrefixes": ["DYLD_", "LD_", "BASH_FUNC_"]
}
```

Missing Dangerous Variables
| Variable | Risk | Description |
|---|---|---|
| `GLIBC_TUNABLES` | Code injection | glibc dynamic linker behavior modification |
| `JAVA_TOOL_OPTIONS` | Code injection | Java JVM options injection |
| `JDK_JAVA_OPTIONS` | Code injection | Java 9+ JVM options |
| `LD_AUDIT` | Code injection | Dynamic linker audit library |
| `OPENCLAW_*` | Behavior modification | Could affect OpenClaw behavior from user-provided env |
Attack Vector
If an attacker gains access to the exec tool (even with allowlist mode), they could inject code via:
```bash
GLIBC_TUNABLES=glibc.tune.hwcaps=-AVX512F some_command
JAVA_TOOL_OPTIONS="-Djava.security.manager=..." java_app
```

Suggested Fix
```json
{
  "blockedKeys": [
    "NODE_OPTIONS",
    "NODE_PATH",
    "PYTHONHOME",
    "PYTHONPATH",
    "PERL5LIB",
    "PERL5OPT",
    "RUBYLIB",
    "RUBYOPT",
    "BASH_ENV",
    "ENV",
    "GCONV_PATH",
    "IFS",
    "SSLKEYLOGFILE",
    "GLIBC_TUNABLES",
    "JAVA_TOOL_OPTIONS",
    "JDK_JAVA_OPTIONS",
    "LD_AUDIT"
  ],
  "blockedPrefixes": ["DYLD_", "LD_", "BASH_FUNC_", "OPENCLAW_"]
}
```

Severity
Medium - Requires exec tool access, but could lead to privilege escalation or sandbox escape.
Related
- Security audit conducted on 2026-02-21
- Verified that existing SSRF, path traversal, and URL navigation protections are correctly implemented
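
Added example, not part of the original issue and not OpenClaw's own code: a small checker that runs a constructed request environment through the current and the suggested policy from this issue and reports which rule, if any, drops each variable. The function names `matchRule` and `sanitizeEnv`, the sample values, and the matching semantics (exact match on `blockedKeys`, `startsWith` on `blockedPrefixes`, compared in upper case) are assumptions.

```javascript
// Policy objects copied from the issue; matching semantics below are assumed.
const currentPolicy = {
  blockedKeys: ["NODE_OPTIONS", "NODE_PATH", "PYTHONHOME", "PYTHONPATH", "PERL5LIB",
    "PERL5OPT", "RUBYLIB", "RUBYOPT", "BASH_ENV", "ENV", "GCONV_PATH", "IFS",
    "SSLKEYLOGFILE"],
  blockedPrefixes: ["DYLD_", "LD_", "BASH_FUNC_"],
};
const suggestedPolicy = {
  blockedKeys: [...currentPolicy.blockedKeys, "GLIBC_TUNABLES", "JAVA_TOOL_OPTIONS",
    "JDK_JAVA_OPTIONS", "LD_AUDIT"],
  blockedPrefixes: [...currentPolicy.blockedPrefixes, "OPENCLAW_"],
};

// Returns the rule that blocks `name`, or null when the variable would pass.
// Assumption: exact match on keys, startsWith on prefixes, upper-cased first.
function matchRule(name, policy) {
  const key = String(name).toUpperCase();
  if (policy.blockedKeys.includes(key)) return `key:${key}`;
  const prefix = policy.blockedPrefixes.find((p) => key.startsWith(p));
  return prefix ? `prefix:${prefix}` : null;
}

// Splits a requested environment into what is passed on and what is dropped.
function sanitizeEnv(env, policy) {
  const allowed = {};
  const dropped = [];
  for (const [name, value] of Object.entries(env)) {
    const rule = matchRule(name, policy);
    if (rule) dropped.push({ name, rule });
    else allowed[name] = value;
  }
  return { allowed, dropped };
}

// Constructed request environment using the variables named in the issue.
const requestedEnv = {
  PATH: "/usr/bin:/bin",
  GLIBC_TUNABLES: "glibc.tune.hwcaps=-AVX512F",
  JAVA_TOOL_OPTIONS: "-Dexample=1",
  JDK_JAVA_OPTIONS: "-Dexample=1",
  LD_AUDIT: "/tmp/example.so",
  OPENCLAW_EXAMPLE: "1", // hypothetical name under the OPENCLAW_ prefix
};
for (const [label, policy] of [["current", currentPolicy], ["suggested", suggestedPolicy]]) {
  const { allowed, dropped } = sanitizeEnv(requestedEnv, policy);
  console.log(label, "passes:", Object.keys(allowed).join(", "));
  console.log(label, "drops:", dropped.map((d) => `${d.name} (${d.rule})`).join(", "));
}
```

Under these assumed semantics the current policy already drops `LD_AUDIT` through the `LD_` prefix, while `GLIBC_TUNABLES`, `JAVA_TOOL_OPTIONS`, `JDK_JAVA_OPTIONS` and `OPENCLAW_*` names pass until the suggested entries are added.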