18 Commits

Author	SHA1	Message	Date
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe ... The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7be53a2438	cmd/fshim: switch to generic setup func ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
Ophestra Umiker	f69e8e753e	cmd/finit: switch to generic receive func ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
Ophestra Umiker	b453f70ca2	cmd/fsu: check uid range before syscall ... This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 ... Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	ae2628e57a	cmd/fshim/ipc: install signal handler on shim start ... Getting killed at this point will result in inconsistent state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:33:46 +09:00
Ophestra Umiker	2e23cef7bb	cmd/fuserdb: generate group entries ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:31:06 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator ... This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu ... This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	45fead18c3	cmd/fshim: set no_new_privs flag ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 11:50:56 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	8cd3651bb6	cmd/fshim/ipc: friendly setup timeout message ... This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-03 02:03:30 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries ... This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path ... Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher ... Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00