From f8821f123d3ef366c7577556858c7ce06b9e74dc Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Thu, 24 Aug 2023 03:22:03 +0200
Subject: [PATCH] Move processsecurity into submodule
---
 agent/processsecurity/other.go | 8 ++++++++
 agent/processsecurity/unix.go | 9 +++++++++
 agent/unixsocketagent.go | 8 ++------
 agent/virtualagent.go | 3 ++-
 4 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 agent/processsecurity/other.go
 create mode 100644 agent/processsecurity/unix.go
diff --git a/agent/processsecurity/other.go b/agent/processsecurity/other.go
new file mode 100644
index 0000000..aa1e6dd
--- /dev/null
+++ b/agent/processsecurity/other.go
@@ -0,0 +1,8 @@
+//go:build windows || darwin
+
+package processsecurity
+
+func DisableDumpale() error {
+ // no additional dumping protection
+ return nil
+}
diff --git a/agent/processsecurity/unix.go b/agent/processsecurity/unix.go
new file mode 100644
index 0000000..f3579fc
--- /dev/null
+++ b/agent/processsecurity/unix.go
@@ -0,0 +1,9 @@
+//go:build linux || freebsd
+
+package processsecurity
+
+import "golang.org/x/sys/unix"
+
+func DisableDumpable() error {
+ return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+}
diff --git a/agent/unixsocketagent.go b/agent/unixsocketagent.go
index b97356c..12401bf 100644
--- a/agent/unixsocketagent.go
+++ b/agent/unixsocketagent.go
@@ -12,12 +12,12 @@ import (
 "github.com/quexten/goldwarden/agent/bitwarden"
 "github.com/quexten/goldwarden/agent/bitwarden/crypto"
 "github.com/quexten/goldwarden/agent/config"
+ "github.com/quexten/goldwarden/agent/processsecurity"
 "github.com/quexten/goldwarden/agent/sockets"
 "github.com/quexten/goldwarden/agent/ssh"
 "github.com/quexten/goldwarden/agent/vault"
 "github.com/quexten/goldwarden/ipc"
 "github.com/quexten/goldwarden/logging"
- "golang.org/x/sys/unix"
 )
 
 const (
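Review bot: The stub in agent/processsecurity/other.go is declared as `DisableDumpale`, while both call sites in this patch use `processsecurity.DisableDumpable()`, so windows and darwin builds will not resolve the symbol; the declaration should read `func DisableDumpable() error {`. The stub also returns nil, which reads to the caller as "protection applied" when nothing was done; a doc comment such as `// DisableDumpable is a no-op on this platform; the process remains dumpable.` would make that explicit. Because the tag here is `windows || darwin` and unix.go uses `linux || freebsd`, every other GOOS gets no implementation at all, so writing the stub's tag as the negation of unix.go's tag would keep the package buildable everywhere.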
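Review bot: The build tag on agent/processsecurity/unix.go includes freebsd, but as far as I know golang.org/x/sys/unix provides `Prctl` and `PR_SET_DUMPABLE` only for Linux, so the freebsd build would likely fail to compile; check with `GOOS=freebsd go build ./...` or narrow the tag to `//go:build linux` and let freebsd fall to the no-op stub. The exported function has no doc comment; I would add `// DisableDumpable clears the process's dumpable flag so that no core dump is written and unprivileged processes of the same user cannot attach with ptrace.` so that readers of the call sites know what protection they are (or are not) getting.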
@@ -93,10 +93,6 @@ func serveAgentSession(c net.Conn, ctx context.Context, vault *vault.Vault, cfg
 }
 }
 
-func disableDumpable() error {
- return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
-}
-
 type AgentState struct {
 vault *vault.Vault
 config *config.ConfigFile
@@ -144,7 +140,7 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
 }
 }
 
- disableDumpable()
+ processsecurity.DisableDumpable()
 if !runtimeConfig.WebsocketDisabled {
 go bitwarden.RunWebsocketDaemon(ctx, vault, &cfg)
 }
diff --git a/agent/virtualagent.go b/agent/virtualagent.go
index 1b7b500..d65766a 100644
--- a/agent/virtualagent.go
+++ b/agent/virtualagent.go
@@ -11,6 +11,7 @@ import (
 "github.com/quexten/goldwarden/agent/bitwarden"
 "github.com/quexten/goldwarden/agent/bitwarden/crypto"
 "github.com/quexten/goldwarden/agent/config"
+ "github.com/quexten/goldwarden/agent/processsecurity"
 "github.com/quexten/goldwarden/agent/sockets"
 "github.com/quexten/goldwarden/agent/vault"
 "github.com/quexten/goldwarden/ipc"
@@ -111,7 +112,7 @@ func StartVirtualAgent(runtimeConfig config.RuntimeConfig) (chan []byte, chan []
 }
 }
 }
- disableDumpable()
+ processsecurity.DisableDumpable()
 go func() {
 for {
 time.Sleep(TokenRefreshInterval)
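Review bot: The error returned by `processsecurity.DisableDumpable()` is discarded in StartUnixAgent, and the same happens at the call in StartVirtualAgent in agent/virtualagent.go, so if the prctl call fails the agent carries on holding vault data in a process that can still be core-dumped or ptrace-attached, with nothing recorded. Since StartUnixAgent already returns an error, `if err := processsecurity.DisableDumpable(); err != nil { return err }` would make the agent refuse to start unprotected; if that is too strict, the failure should at least be logged at both call sites. Both function bodies start and end outside their hunks, so I cannot see how early the call runs; it should happen before any secret is read into memory.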