colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

bunpen: set no_new_privs before executing the command

Browse Source
This commit is contained in:
Colin
2024-08-22 15:42:59 +00:00
parent 634f13ba6b
commit 2c390a8b6d
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkgs/additional/bunpen/src/main.ha
View File

@@ -3,6 +3,11 @@ use log;
use strings;
use os;
use os::exec;
use rt;
fn no_new_privs() void = {
rt::prctl(rt::PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)!;
};
fn do_exec(args: []str) never = {
let joined = strings::join(" ", args...);
@@ -16,5 +21,6 @@ fn do_exec(args: []str) never = {
export fn main() void = {
let my_name = os::args[0];
let exec_line = os::args[1..];
no_new_privs();
do_exec(exec_line);
};