5 Commits

Author	SHA1	Message	Date
Ophestra Umiker	4b7b899bb3	add package doc comments ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:57:59 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	73a698c7cb	ldd: run ldd with read-only filesystem and unshared net ... This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-17 15:37:27 +09:00
Ophestra Umiker	d41b9d2d9c	ldd: separate Parse from Exec and trim space ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 23:51:15 +09:00
Ophestra Umiker	6232291cae	ldd: implement strict ldd output parser ... Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:39:27 +09:00