fortify

Author	SHA1	Message	Date
Ophestra	24618ab9a1	sandbox: move out of internal All checks were successful Test / Create distribution (push) Successful in 18s Details Test / Fpkg (push) Successful in 2m40s Details Test / Data race detector (push) Successful in 3m13s Details Test / Fortify (push) Successful in 3m1s Details Test / Flake checks (push) Successful in 51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00
Ophestra	bc54db54d2	ldd: always copy stderr All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m30s Details Test / Fpkg (push) Successful in 3m34s Details Test / Data race detector (push) Successful in 3m55s Details Test / Flake checks (push) Successful in 53s Details Dropping the buffer on success is unhelpful and could hide some useful information. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 00:08:00 +09:00
Ophestra	bf07b7cd9e	ldd: mount /proc in container All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fpkg (push) Successful in 3m45s Details Test / Data race detector (push) Successful in 4m0s Details Test / Fortify (push) Successful in 1m54s Details Test / Flake checks (push) Successful in 53s Details This covers host /proc. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 00:01:03 +09:00
Ophestra	48feca800f	sandbox: check command function pointer All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m25s Details Test / Data race detector (push) Successful in 3m59s Details Test / Flake checks (push) Successful in 55s Details Setting default CommandContext on initialisation is somewhat of a footgun. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 23:29:14 +09:00
Ophestra	273d97af85	ldd: lib paths resolve function All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m37s Details Test / Data race detector (push) Successful in 3m50s Details Test / Flake checks (push) Successful in 56s Details This is what always happens right after a ldd call, so implement it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 01:20:09 +09:00
Ophestra	4bb5d9780f	ldd: run in native sandbox All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m27s Details Test / Fpkg (push) Successful in 3m22s Details Test / Data race detector (push) Successful in 3m43s Details Test / Flake checks (push) Successful in 48s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:55:55 +09:00
Ophestra	d22145a392	ldd: handle musl static behaviour All checks were successful Test / Create distribution (push) Successful in 28s Details Test / Fortify (push) Successful in 2m36s Details Test / Fpkg (push) Successful in 3m24s Details Test / Data race detector (push) Successful in 3m32s Details Test / Flake checks (push) Successful in 50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-12 23:29:43 +09:00
Ophestra	39dc8e7bd8	dbus: set process group id All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m18s Details Test / Data race detector (push) Successful in 3m11s Details Test / Flake checks (push) Successful in 40s Details This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-25 18:12:41 +09:00
Ophestra	dccb366608	ldd: handle behaviour on static executable All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m27s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 18:02:33 +09:00
Ophestra	83c8f0488b	ldd: pass absolute path to bwrap All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 17:46:22 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	5a64cdaf4f	ldd: enable syscall filter All checks were successful Build / Create distribution (push) Successful in 1m55s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 02:00:49 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface All checks were successful Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
Ophestra	2f70506865	helper/bwrap: move sync to helper state All checks were successful Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
Ophestra	b956ce4052	ldd: trim leading and trailing white spaces from name All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 3m31s Details Glibc emits ldd output with \t prefix for formatting. Remove that here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:53:01 +09:00
Ophestra	ade57c39af	ldd: add fhs glibc test case All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 3m34s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:33:02 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	4b7b899bb3	add package doc comments All checks were successful test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:57:59 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify All checks were successful test / test (push) Successful in 14s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	73a698c7cb	ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-17 15:37:27 +09:00
Ophestra Umiker	d41b9d2d9c	ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 23:51:15 +09:00
Ophestra Umiker	6232291cae	ldd: implement strict ldd output parser Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:39:27 +09:00

22 Commits