fortify

Commit Graph

Author	SHA1	Message	Date
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries test / test (push) Successful in 19s Details This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path test / test (push) Successful in 19s Details Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00

Author

SHA1

Message

Date

Ophestra Umiker

584732f80a

cmd: shim and init into separate binaries

test / test (push) Successful in 19s Details

This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

2024-11-02 03:13:57 +09:00

Ophestra Umiker

aa1f96eeeb

fsu: check parent executable path

test / test (push) Successful in 19s Details

Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

2024-10-28 18:52:23 +09:00

Ophestra Umiker

d9cb2a9f2b

fsu: implement simple setuid user switcher

Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

2024-10-28 00:02:34 +09:00

3 Commits