Deny coredumps to protect sensitive data - safe - password protected secret keeper
---
DIR commit 813084d053bc475fecc17656d1c9de39a0d3ff3d
DIR parent acc0b2109c065f82169563f5390b2d316372e336
HTML Author: Willy Goiffon <dev@z3bra.org>
Date: Thu, 27 Jun 2019 15:45:47 +0200
Deny coredumps to protect sensitive data
Diffstat:
M safe-agent.c | 7 +++++++
M safe.c | 7 +++++++
2 files changed, 14 insertions(+), 0 deletions(-)
---
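--- a/safe-agent.c
+++ b/safe-agent.c
@@ -1,3 +1,4 @@
+#include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -218,6 +219,7 @@ main(int argc, char *argv[])
 int timeout, fd, dflag;
 size_t dirlen;
 char path[PATH_MAX] = SOCKDIR;
+ struct rlimit rlim;
 pid = getpid();
@@ -249,6 +251,11 @@ main(int argc, char *argv[])
 sockp = path;
 }
+ /* deny core dump as memory contains derivated key */
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0)
+ err(1, "setrlimit RLIMIT_CORE");
+
 if (dflag) {
 printf("SAFE_PID=%d; export SAFE_PID\n", pid);
 printf("SAFE_SOCK=%s; export SAFE_SOCK\n", sockp);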
DIR diff --git a/safe.c b/safe.c
t@@ -1,3 +1,4 @@
+#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
t@@ -383,6 +384,7 @@ main(int argc, char *argv[])
int fd, haskey = 0, hasmaster = 1, aflag = 0, pflag = 0;
char *secret = NULL, *sockp = NULL, *safe = SAFE;
struct safe s;
+ struct rlimit rlim;
safe = getenv("SAFE_DIR");
sockp = getenv("SAFE_SOCK");
t@@ -409,6 +411,11 @@ main(int argc, char *argv[])
sodium_mlock(s.key, sizeof(s.key));
+ /* deny core dump as memory contains passwords and keys */
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0)
+ err(1, "setrlimit RLIMIT_CORE");
+
if (!safe)
safe = SAFE;