fortify

Author	SHA1	Message	Date
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	4b7b899bb3	add package doc comments All checks were successful test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:57:59 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify All checks were successful test / test (push) Successful in 14s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	73a698c7cb	ldd: run ldd with read-only filesystem and unshared net This is only called on trusted programs, however extra hardening is never a bad idea. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-17 15:37:27 +09:00
Ophestra Umiker	d41b9d2d9c	ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 23:51:15 +09:00
Ophestra Umiker	6232291cae	ldd: implement strict ldd output parser Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:39:27 +09:00