author | Jesse Luehrs <doy@tozt.net> | 2021-02-27 21:56:29 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2021-02-27 22:38:45 -0500 |
commit | bfdcccd71f7d6096b96775eb04fb3181ddee3217 (patch) | |
tree | 9c81111780329664430a52d3f2051ddd58015730 /src/bin/rbw-agent/debugger.rs | |
parent | 194e0fcbbad9d6496e6c5a653064824201163002 (diff) | |
refactor a bit
Diffstat (limited to 'src/bin/rbw-agent/debugger.rs')
-rw-r--r-- | src/bin/rbw-agent/debugger.rs | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/bin/rbw-agent/debugger.rs b/src/bin/rbw-agent/debugger.rs
new file mode 100644
index 0000000..ebc43bd
--- /dev/null
+++ b/src/bin/rbw-agent/debugger.rs
@@ -0,0 +1,22 @@
+// Prevent other user processes from attaching to the rbw agent and dumping
+// memory This is not perfect protection, but closes a door. Unfortunately,
+// prctl only works on Linux.
+#[cfg(target_os = "linux")]
+pub fn disable_tracing() -> anyhow::Result<()> {
+ // https://github.com/torvalds/linux/blob/v5.11/include/uapi/linux/prctl.h#L14
+ const PR_SET_DUMPABLE: i32 = 4;
+
+ // safe because it's just a raw call to prctl, and the arguments are
+ // correct
+ let ret = unsafe { libc::prctl(PR_SET_DUMPABLE, 0) };
+ if ret == 0 {
+ Ok(())
+ } else {
+ Err(anyhow::anyhow!("rbw-agent: Failed to disable PTRACE_ATTACH. Agent memory may be dumpable by other processes."))
+ }
+}
+
+#[cfg(not(target_os = "linux"))]
+pub fn disable_tracing() -> anyhow::Result<()> {
+ Err(anyhow::anyhow!("rbw-agent: Unable to disable PTRACE_ATTACH on this platform: not implemented. Agent memory may be dumpable by other processes."))
+}
+} |
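Review bot: The `prctl` call passes its second argument as a bare `0`, which Rust sends through the variadic as a 32-bit `c_int` while prctl(2) reads an `unsigned long`. Writing it as `libc::prctl(libc::PR_SET_DUMPABLE, 0 as libc::c_ulong)` fixes the width and replaces the hand-copied constant with the one the libc crate exports. The Linux `Err` branch drops errno, so appending `std::io::Error::last_os_error()` to the message would tell the operator why the hardening did not apply. The comment above the `unsafe` block would be easier to audit in the conventional `// SAFETY:` form. The header comment could also spell out the limits it alludes to: clearing the dumpable flag suppresses core dumps too, does not stop root or a process holding CAP_SYS_PTRACE, and is not carried across an ordinary execve. Whether the caller treats the non-Linux `Err` as fatal or only as a warning is decided outside this hunk.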