add support for guarding pipestream with NO_NEW_PRIVS
author Philipp Gesang <philipp.gesang@intra2net.com>
Tue, 26 Jun 2018 07:38:56 +0000 (09:38 +0200)
committer Philipp Gesang <philipp.gesang@intra2net.com>
Tue, 14 Aug 2018 15:12:25 +0000 (17:12 +0200)
commit 55a229305917a1adf16ab5390598cf6ec316b7c4
tree 0c54245a21fa5ee32a803b74008326f6a7235795
parent a44b0eb12a6310de0f966b056775ea4b5946d0cd
add support for guarding pipestream with NO_NEW_PRIVS

Add an option to the pipestream and related APIs to drop the
right to obtain further privileges before exec()ing the binary
(off by default). This may be used as an additional measure to
guard invocations of untrusted binaries or trusted ones that
operate on untrusted inputs.

Target audience: arnied scheduler, everywhere file(1) or
imagemagick tools are called.

Defects: it will be tricky to properly unit test this.

[0] https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
src/pipestream.cpp
src/pipestream.hxx
test/test_pipestream.cpp
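The mechanism the commit message describes, as an added example that is not the project's pipestream code: a minimal fork/exec helper that optionally calls prctl(PR_SET_NO_NEW_PRIVS) in the child before execvp(), fails closed if the prctl() call does not succeed, and reports exec failures back to the parent through a CLOEXEC pipe. The names run_capture, no_new_privs_seen_by_child and flag_after_set_in_child are assumptions for this example, as is a Linux host with /proc mounted (the "NoNewPrivs:" line in /proc/self/status exists since kernel 4.10); the two query helpers also show one way to unit test the option, which the message notes is tricky.

```cpp
// Added example (not the project's pipestream code): fork/exec helper that
// optionally sets PR_SET_NO_NEW_PRIVS in the child before execvp().
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <fcntl.h>
#include <cerrno>
#include <cstdio>
#include <string>
#include <vector>

struct ChildResult {
    int exec_errno = 0;    // nonzero if prctl() or execvp() failed in the child
    int wait_status = -1;  // raw status from waitpid()
    std::string output;    // everything the child wrote to stdout
};

// Run argv[0] with the given argv and capture its stdout. With guard=true the
// child gives up the right to gain privileges (setuid/setgid bits, file
// capabilities) before exec; the flag survives exec, is inherited by the
// program's own children and cannot be cleared again.
static ChildResult run_capture(const std::vector<std::string>& argv, bool guard)
{
    ChildResult res;
    int out[2];  // child stdout -> parent
    int err[2];  // child reports failure before exec; CLOEXEC, so a successful exec closes it
    if (pipe(out) != 0 || pipe2(err, O_CLOEXEC) != 0) { res.exec_errno = errno; return res; }

    pid_t pid = fork();
    if (pid < 0) { res.exec_errno = errno; return res; }
    if (pid == 0) {
        close(out[0]); close(err[0]);
        dup2(out[1], STDOUT_FILENO); close(out[1]);
        std::vector<char*> cargv;
        for (const auto& a : argv) cargv.push_back(const_cast<char*>(a.c_str()));
        cargv.push_back(nullptr);
        // Fail closed: if the guard cannot be installed, do not exec at all.
        if (guard && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
            int e = errno; (void)!write(err[1], &e, sizeof e); _exit(127);
        }
        execvp(cargv[0], cargv.data());
        int e = errno; (void)!write(err[1], &e, sizeof e); _exit(127);
    }
    close(out[1]); close(err[1]);
    int e = 0;
    if (read(err[0], &e, sizeof e) == (ssize_t)sizeof e) res.exec_errno = e;  // EOF means exec succeeded
    close(err[0]);
    char buf[4096]; ssize_t n;
    while ((n = read(out[0], buf, sizeof buf)) > 0) res.output.append(buf, n);
    close(out[0]);
    waitpid(pid, &res.wait_status, 0);
    return res;
}

// Ask the exec'd program itself whether the flag is set: /proc/self/status
// carries a "NoNewPrivs:" line on Linux >= 4.10. Returns 1 or 0, or -1 if the
// exec failed or the line is unavailable.
static int no_new_privs_seen_by_child(bool guard)
{
    ChildResult r = run_capture({"sh", "-c", "grep '^NoNewPrivs:' /proc/self/status"}, guard);
    if (r.exec_errno != 0) return -1;
    std::string::size_type pos = r.output.find("NoNewPrivs:");
    if (pos == std::string::npos) return -1;
    pos = r.output.find_first_of("01", pos);
    return pos == std::string::npos ? -1 : r.output[pos] - '0';
}

// Show that the flag is sticky without depending on /proc: set it in a forked
// child, try to clear it (the kernel only accepts arg2 == 1, so this fails
// with EINVAL), then read it back with PR_GET_NO_NEW_PRIVS. Returns 1 if the
// child observed "set and not clearable", 0 otherwise, -1 on wait failure.
static int flag_after_set_in_child()
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
        int cleared = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);  // -> -1, errno EINVAL
        int v = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
        _exit(cleared == -1 && v == 1 ? 1 : 0);
    }
    int st = 0;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main()
{
    std::printf("sticky flag in child: %d\n", flag_after_set_in_child());
    std::printf("NoNewPrivs seen by exec'd sh: %d\n", no_new_privs_seen_by_child(true));
    return 0;
}
```

Two caveats the kernel documentation linked above spells out and that matter when wiring this into a scheduler: the flag only stops the child from gaining privileges it does not already have, so a guarded file(1) or convert started as root still runs as root, and it is inherited by every descendant of the exec'd program, which is desirable for a sandbox but can surprise tools that themselves rely on setuid helpers. The prctl() result must be checked; silently continuing when it fails would reintroduce the exact exposure the option is meant to remove.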