fortify/ldd/exec.go

package ldd

import (
	"bytes"
	"context"
	"os"
	"os/exec"
	"time"

	"git.gensokyo.uk/security/fortify/helper"
	"git.gensokyo.uk/security/fortify/helper/bwrap"
)

const lddTimeout = 2 * time.Second

var (
	msgStaticGlibc = []byte("not a dynamic executable")
)

func Exec(ctx context.Context, p string) ([]*Entry, error) {
	var h helper.Helper

	if toolPath, err := exec.LookPath("ldd"); err != nil {
		return nil, err
	} else if h, err = helper.NewBwrap(
		(&bwrap.Config{
			Hostname:      "fortify-ldd",
			Chdir:         "/",
			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
			NewSession:    true,
			DieWithParent: true,
		}).Bind("/", "/").DevTmpfs("/dev"), toolPath,
		nil, func(_, _ int) []string { return []string{p} },
		nil, nil,
	); err != nil {
		return nil, err
	}

	stdout, stderr := new(bytes.Buffer), new(bytes.Buffer)
	h.Stdout(stdout).Stderr(stderr)

	c, cancel := context.WithTimeout(ctx, lddTimeout)
	defer cancel()
	if err := h.Start(c, false); err != nil {
		return nil, err
	}
	if err := h.Wait(); err != nil {
		m := stderr.Bytes()
		if bytes.Contains(m, msgStaticGlibc) {
			return nil, nil
		}

		_, _ = os.Stderr.Write(m)
		return nil, err
	}

	return Parse(stdout)
}
ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-09 23:51:15 +09:00			`package ldd`

			`import (`
ldd: handle behaviour on static executable Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 18:02:33 +09:00			`"bytes"`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`"context"`
ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-09 23:51:15 +09:00			`"os"`
ldd: pass absolute path to bwrap Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 17:46:22 +09:00			`"os/exec"`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`"time"`
ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-17 15:37:27 +09:00
migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-12-20 00:20:02 +09:00			`"git.gensokyo.uk/security/fortify/helper"`
			`"git.gensokyo.uk/security/fortify/helper/bwrap"`
ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-09 23:51:15 +09:00			`)`

helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`const lddTimeout = 2 * time.Second`

ldd: handle behaviour on static executable Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 18:02:33 +09:00			`var (`
			`msgStaticGlibc = []byte("not a dynamic executable")`
			`)`

helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`func Exec(ctx context.Context, p string) ([]*Entry, error) {`
			`var h helper.Helper`
ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-17 15:37:27 +09:00
ldd: pass absolute path to bwrap Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 17:46:22 +09:00			`if toolPath, err := exec.LookPath("ldd"); err != nil {`
			`return nil, err`
			`} else if h, err = helper.NewBwrap(`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`(&bwrap.Config{`
			`Hostname: "fortify-ldd",`
			`Chdir: "/",`
ldd: enable syscall filter Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 02:00:49 +09:00			`Syscall: &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`NewSession: true,`
			`DieWithParent: true,`
ldd: pass absolute path to bwrap Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 17:46:22 +09:00			`}).Bind("/", "/").DevTmpfs("/dev"), toolPath,`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`nil, func(_, _ int) []string { return []string{p} },`
			`nil, nil,`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`); err != nil {`
ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-17 15:37:27 +09:00			`return nil, err`
			`}`

ldd: handle behaviour on static executable Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 18:02:33 +09:00			`stdout, stderr := new(bytes.Buffer), new(bytes.Buffer)`
			`h.Stdout(stdout).Stderr(stderr)`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00
			`c, cancel := context.WithTimeout(ctx, lddTimeout)`
			`defer cancel()`
			`if err := h.Start(c, false); err != nil {`
ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-17 15:37:27 +09:00			`return nil, err`
			`}`
			`if err := h.Wait(); err != nil {`
ldd: handle behaviour on static executable Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-23 18:02:33 +09:00			`m := stderr.Bytes()`
			`if bytes.Contains(m, msgStaticGlibc) {`
			`return nil, nil`
			`}`

			`_, _ = os.Stderr.Write(m)`
ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-09 23:51:15 +09:00			`return nil, err`
			`}`

helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`return Parse(stdout)`
ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-09 23:51:15 +09:00			`}`