From 6b63f0f9552e5304c130320d5b7261ff75493c49 Mon Sep 17 00:00:00 2001 From: matthew-pilot Date: Fri, 29 May 2026 17:24:51 +0000 Subject: [PATCH] fix(daemon): warn when PILOT_REGISTRY/PILOT_BEACON env vars override compiled defaults (PILOT-236) PILOT_REGISTRY and PILOT_BEACON env vars silently override compiled defaults at startup with no log entry or warning. An attacker who controls the daemon's environment can redirect registry/beacon to attacker-controlled endpoints, granting trust to an imposter network. This adds a slog.Warn log entry after logging setup when either env var overrides the compiled default, alerting the operator that the daemon is connecting to a non-default registry or beacon address. Closes PILOT-236 --- cmd/daemon/main.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go index 166a1c16..c90b2fd8 100644 --- a/cmd/daemon/main.go +++ b/cmd/daemon/main.go @@ -38,12 +38,16 @@ var version = "dev" func main() { configPath := flag.String("config", "", "path to config file (JSON)") registryDefault := "34.71.57.205:9000" + registryFromEnv := false if v := os.Getenv("PILOT_REGISTRY"); v != "" { registryDefault = v + registryFromEnv = true } beaconDefault := "34.71.57.205:9001" + beaconFromEnv := false if v := os.Getenv("PILOT_BEACON"); v != "" { beaconDefault = v + beaconFromEnv = true } registryAddr := flag.String("registry", registryDefault, "registry server address (or $PILOT_REGISTRY)") beaconAddr := flag.String("beacon", beaconDefault, "beacon server address (or $PILOT_BEACON)") @@ -138,6 +142,13 @@ func main() { logging.Setup(*logLevel, *logFormat) + if registryFromEnv { + slog.Warn("PILOT_REGISTRY env var overrides compiled default — registry address redirected to " + *registryAddr + ". If this is unexpected, check the daemon's environment for tampering.") + } + if beaconFromEnv { + slog.Warn("PILOT_BEACON env var overrides compiled default — beacon address redirected to " + *beaconAddr + ". If this is unexpected, check the daemon's environment for tampering.") + } + d := daemon.New(daemon.Config{ RegistryAddr: *registryAddr, BeaconAddr: *beaconAddr,