fortify: replace direct syscall with prctl wrapper
test / test (push) Successful in 20s Details

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-11-02 17:00:25 +09:00
parent 584732f80a
commit 422d8e00d5
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 4 additions and 4 deletions

View File

@ -2,8 +2,8 @@ package main
import ( import (
"flag" "flag"
"syscall"
"git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/app" "git.ophivana.moe/security/fortify/internal/app"
"git.ophivana.moe/security/fortify/internal/fmsg" "git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/linux" "git.ophivana.moe/security/fortify/internal/linux"
@ -20,9 +20,9 @@ func init() {
var os = new(linux.Std) var os = new(linux.Std)
func main() { func main() {
// linux/sched/coredump.h if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 { fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", errno.Error()) // not fatal: this program runs as the privileged user
} }
flag.Parse() flag.Parse()