Do not send envVars in ServerInfo() (#4422)

Sending envVars along with access and secret exposes the entire minio server's sensitive information. This will be an unexpected situation for all users. If at all we need to look for things like if credentials are set through env, we should only have access to only this information not the entire set of system envs.
2025-11-20 18:06:10 -05:00 · 2017-05-24 21:09:23 -07:00
parent 99ca8a2928
commit b78f6fbcc5
6 changed files with 40 additions and 25 deletions
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -50,12 +50,12 @@ type WebGenericRep struct {

 // ServerInfoRep - server info reply.
 type ServerInfoRep struct {
-	MinioVersion  string
-	MinioMemory   string
-	MinioPlatform string
-	MinioRuntime  string
-	MinioEnvVars  []string
-	UIVersion     string `json:"uiVersion"`
+	MinioVersion    string
+	MinioMemory     string
+	MinioPlatform   string
+	MinioRuntime    string
+	MinioGlobalInfo map[string]interface{}
+	UIVersion       string `json:"uiVersion"`
 }

 // ServerInfo - get server info.
@@ -80,8 +80,8 @@ func (web *webAPIHandlers) ServerInfo(r *http.Request, args *WebGenericArgs, rep
 		runtime.GOARCH)
 	goruntime := fmt.Sprintf("Version: %s | CPUs: %s", runtime.Version(), strconv.Itoa(runtime.NumCPU()))

-	reply.MinioEnvVars = os.Environ()
 	reply.MinioVersion = Version
+	reply.MinioGlobalInfo = getGlobalInfo()
 	reply.MinioMemory = mem
 	reply.MinioPlatform = platform
 	reply.MinioRuntime = goruntime