fsu: check parent executable path

Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 18:52:23 +09:00
parent 431dc095e5
commit aa1f96eeeb
2 changed files with 11 additions and 2 deletions
--- a/package.nix
+++ b/package.nix
@@ -21,7 +21,7 @@ buildGoModule rec {
    "-X"
    "main.Version=v${version}"
    "-X"
-    "main.FortifyPath=${placeholder "out"}/bin/fortify"
+    "main.FortifyPath=${placeholder "out"}/bin/.fortify-wrapped"
  ];

  buildInputs = [