Shell driver allows setting dangerous environment variables #359

@raballew

Description

The shell driver at python/packages/jumpstarter-driver-shell/jumpstarter_driver_shell/driver.py:86-95 lets clients set environment variables for subprocesses. It only checks that the variable name is a valid identifier (e.g. no spaces or special characters), but does not block known-dangerous variables.

The shell driver only runs operator-defined scripts (configured in the exporter YAML via methods), not arbitrary commands from the client. However, a lease holder could set LD_PRELOAD to load a malicious shared library into every subprocess the shell driver spawns, or override PATH to redirect commands to attacker-controlled binaries. This escalates from "run predefined scripts with controlled arguments" to "execute arbitrary code," allowing access to files and processes on the exporter host beyond what the configured shell methods intended to expose.

Suggested Fix

  • Block known-dangerous environment variables: LD_PRELOAD, LD_LIBRARY_PATH, PATH, PYTHONPATH, BASH_ENV, BASH_FUNC_*, KUBECONFIG, HOME
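
A sketch of the suggested denylist check, added here as an example (it is not the project's code or the reporter's patch). The function names are hypothetical, and `str.isidentifier()` stands in for the existing identifier check, which the issue describes but does not show:

```python
import fnmatch

# Names taken from the issue's suggested fix; BASH_FUNC_* is treated as a glob.
DENIED_PATTERNS = (
    "LD_PRELOAD", "LD_LIBRARY_PATH", "PATH", "PYTHONPATH",
    "BASH_ENV", "BASH_FUNC_*", "KUBECONFIG", "HOME",
)


def is_denied(name: str) -> bool:
    """True if name matches a denylisted pattern.

    Matching is case-sensitive because environment variable names are
    case-sensitive on Linux.
    """
    return any(fnmatch.fnmatchcase(name, pat) for pat in DENIED_PATTERNS)


def filter_client_env(client_env: dict) -> tuple:
    """Split client-supplied variables into (accepted dict, rejected names)."""
    accepted, rejected = {}, []
    for name, value in client_env.items():
        # Assumption: isidentifier() approximates the driver's current check.
        if not name.isidentifier() or is_denied(name):
            rejected.append(name)
        else:
            accepted[name] = value
    return accepted, rejected


def merge_env(base_env: dict, client_env: dict) -> dict:
    """Build the subprocess environment, failing closed on any rejected name.

    base_env is the operator-controlled environment; client values are layered
    on top only if every client-supplied name passes both checks.
    """
    accepted, rejected = filter_client_env(client_env)
    if rejected:
        raise ValueError(f"refusing environment variables: {sorted(rejected)}")
    return {**base_env, **accepted}


if __name__ == "__main__":
    # Constructed sample input, not taken from a real exporter.
    sample = {"BOARD": "rpi4", "LD_PRELOAD": "/tmp/x.so", "BASH_FUNC_ls": "x"}
    print(filter_client_env(sample))
```

Raising instead of silently dropping the variable makes a rejected request visible to both the client and the exporter logs.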
