Use unveil(2) on OpenBSD (#1194)

After #1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or
execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this experimental, internet-facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
Klemens Nanni 2024-12-12 21:37:02 +03:00 committed by GitHub
parent b436052b2d
commit 83ec58afc7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 0 deletions

go.mod

@ -45,4 +45,5 @@ require (
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/olekukonko/tablewriter v0.0.5
github.com/vishvananda/netns v0.0.4 // indirect
suah.dev/protect v1.2.4
)
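
Review bot: the new `suah.dev/protect v1.2.4` line at the end of the require block pulls a third-party module into a daemon that the commit message describes as internet facing and running as root, so the matching go.sum entries should land in this same commit and the pinned version should be one that has been read through, not just resolved. The block already mixes direct requirements with `// indirect` ones; consider placing this line next to the other direct requirements so the list of dependencies the daemon calls directly is easy to audit.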