From f320dfc2ee3762e72e7b214190983385e95794ce Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Sun, 13 Oct 2024 00:09:14 +0900
Subject: [PATCH] fortify: set SUID_DUMP_DISABLE after flag parse

Signed-off-by: Ophestra Umiker
---
 main.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/main.go b/main.go
index 707e32d..896f7aa 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@ import (
 "flag"
 "fmt"
 "os"
+ "syscall"

 "git.ophivana.moe/cat/fortify/internal"
 "git.ophivana.moe/cat/fortify/internal/app"
@@ -23,6 +24,13 @@ func main() {
 flag.Parse()
 verbose.Set(flagVerbose)

+ // linux/sched/coredump.h
+ if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 {
+ fmt.Printf("fortify: cannot set SUID_DUMP_DISABLE: %s", errno.Error())
+ } else {
+ verbose.Println("prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE) succeeded")
+ }
+
 if internal.SdBootedV {
 verbose.Println("system booted with systemd as init system")
 }
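Review bot: The failure branch of the new prctl call in main() fails open: when PR_SET_DUMPABLE cannot be cleared, the message goes to stdout via `fmt.Printf` with no trailing newline, and startup continues with the process still dumpable. If this hardening is meant to be a precondition (the commit subject suggests so, but the rest of main() lies outside the hunk), report on stderr and stop: `fmt.Fprintf(os.Stderr, "fortify: cannot set SUID_DUMP_DISABLE: %s\n", errno.Error())` followed by `os.Exit(1)`. The bare `0` passed as the argument would also read better as a named constant, e.g. `const suidDumpDisable = 0 // SUID_DUMP_DISABLE, linux/sched/coredump.h`, so the value and the header reference stay together.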