From 422d8e00d5b5abad4b57a639822403487520f29a Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Sat, 2 Nov 2024 17:00:25 +0900
Subject: [PATCH] fortify: replace direct syscall with prctl wrapper

Signed-off-by: Ophestra Umiker
---
 main.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/main.go b/main.go
index 4ffca31..309af76 100644
--- a/main.go
+++ b/main.go
@@ -2,8 +2,8 @@ package main

 import (
 "flag"
- "syscall"

+ "git.ophivana.moe/security/fortify/internal"
 "git.ophivana.moe/security/fortify/internal/app"
 "git.ophivana.moe/security/fortify/internal/fmsg"
 "git.ophivana.moe/security/fortify/internal/linux"
@@ -20,9 +20,9 @@ func init() {
 var os = new(linux.Std)

 func main() {
- // linux/sched/coredump.h
- if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 {
- fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", errno.Error())
+ if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
+ fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
+ // not fatal: this program runs as the privileged user
 }

 flag.Parse()
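Review bot: The added comment `// not fatal: this program runs as the privileged user` in main() does not say what protection is lost when the call fails, and running privileged reads as a reason to care about that loss rather than to ignore it. On failure the process stays dumpable, so core dumps and ptrace attach by unprivileged processes remain possible for the rest of the run. I would put the rationale above the branch and name the consequence, e.g. `// best effort: on failure the process stays dumpable (core dump, ptrace attach); continuing because <reason>`, or exit here if nothing depends on continuing. The wrapper `internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE` is defined outside this patch, so it is worth confirming that it still passes 0 and returns a literal `nil` on success, since a zero `syscall.Errno` returned as `error` would make `err != nil` always true. main's body continues past the end of the hunk.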