bunpen: set no_new_privs before executing the command
@@ -3,6 +3,11 @@ use log;
|
|||||||
use strings;
|
use strings;
|
||||||
use os;
|
use os;
|
||||||
use os::exec;
|
use os::exec;
|
||||||
|
use rt;
|
||||||
|
|
||||||
|
fn no_new_privs() void = {
|
||||||
|
rt::prctl(rt::PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)!;
|
||||||
|
};
|
||||||
|
|
||||||
fn do_exec(args: []str) never = {
|
fn do_exec(args: []str) never = {
|
||||||
let joined = strings::join(" ", args...);
|
let joined = strings::join(" ", args...);
|
||||||
@@ -16,5 +21,6 @@ fn do_exec(args: []str) never = {
|
|||||||
export fn main() void = {
|
export fn main() void = {
|
||||||
let my_name = os::args[0];
|
let my_name = os::args[0];
|
||||||
let exec_line = os::args[1..];
|
let exec_line = os::args[1..];
|
||||||
|
no_new_privs();
|
||||||
do_exec(exec_line);
|
do_exec(exec_line);
|
||||||
};
|
};
|
||||||
|
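Review bot: `no_new_privs()` in the first hunk has no comment saying why the flag is set or what happens when the call fails. The `!` after `rt::prctl(...)` aborts the process on error, which is the fail-closed behaviour a launcher wants, but that only reads clearly to someone who knows Hare's error-assertion operator. I would add above the function `// Sets PR_SET_NO_NEW_PRIVS so the exec'd command cannot gain privileges via setuid/setgid binaries or file capabilities; aborts on failure so the command never runs without it.` In `main` (second hunk), a short comment such as `// must precede do_exec: the flag is inherited across execve and cannot be unset` would keep a later refactor from reordering the two calls. The body of `do_exec` continues outside the visible hunks, so I cannot see whether anything between this call and the actual exec depends on it.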