- commit
- f8413417615911266cbb6b425e039a568eaad567
- parent
- 054bbd0a3cd6866cb5594120f0bc27e0e893ed34
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2024-04-05 06:30
prevent memory from being dumped see also: - https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html - https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/5#note_264789
Diffstat
| M | xikeyring/__main__.py | 3 | +++ |
| A | xikeyring/dumpable.py | 19 | +++++++++++++++++++ |
2 files changed, 22 insertions, 0 deletions
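--- a/xikeyring/__main__.py
+++ b/xikeyring/__main__.py
@@ -1,6 +1,9 @@
 from .dbus import DBusService
+from .dumpable import pr_set
 from .keyring import Keyring
 
+pr_set(dumpable=False)
+
 with Keyring('keyring.db') as keyring:
 service = DBusService(keyring)
 # service.run('org.freedesktop.secrets')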
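--- /dev/null
+++ b/xikeyring/dumpable.py
@@ -0,0 +1,19 @@
+import ctypes
+import ctypes.util
+import os
+
+libc_path = ctypes.util.find_library('c')
+libc = ctypes.CDLL(libc_path, use_errno=True)
+
+libc.prctl.argtypes = (ctypes.c_int, ctypes.c_ulong)
+libc.prctl.restype = ctypes.c_int
+
+PR_SET_DUMPABLE = 4
+
+
+def pr_set(*, dumpable: bool) -> None:
+"""Prevent other processes from producing core dumps."""
+result = libc.prctl(PR_SET_DUMPABLE, 1 if dumpable else 0)
+if result != 0:
+errno = ctypes.get_errno()
+raise OSError(errno, os.strerror(errno))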
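Review bot: The docstring on `pr_set` misstates what the call does. `PR_SET_DUMPABLE` changes the calling process's own dumpable attribute, and with `dumpable=True` the function turns it back on, so "Prevent other processes from producing core dumps" is wrong on both counts. I would replace it with `"""Set this process's dumpable attribute; False disables core dumps of this process and ptrace attach by unprivileged processes."""`, which matches the Yama document linked in the commit message. A short comment above `PR_SET_DUMPABLE = 4` should record the limits of the control: it does not stop a process holding CAP_SYS_PTRACE, and, as far as I recall from prctl(2), the kernel resets the attribute on execve and on credential changes, so the call has to stay after any such step. Separately, the local name `errno` in the error path reads like the stdlib module; `err = ctypes.get_errno()` would be clearer.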