Set the Notary Signer to be non dumpable in Linux
This disables
 - core dumps, which might contain keys
 - ability to ptrace the process which may allow keys to be read

The protection is not applied when the signer runs in debug mode.

Signed-off-by: Justin Cormack <[email protected]>
justincormack committed Apr 6, 2018
1 parent 107dd1e commit 55dbe1d
Showing 3 changed files with 23 additions and 0 deletions.
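--- a/cmd/notary-signer/dump_linux.go
+++ b/cmd/notary-signer/dump_linux.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+"golang.org/x/sys/unix"
+)
+
+func protect() error {
+// Make sure process is not dumpable, so will not core dump, which would
+// write keys to disk, and cannot be ptraced to read keys.
+return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+}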
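Review bot: The comment inside protect() promises more than PR_SET_DUMPABLE delivers: clearing the dumpable flag stops core dumps and ptrace attach by unprivileged processes, but a tracer holding CAP_SYS_PTRACE (typically root) can still attach and read the signer's memory. I would reword it as `// Clear the dumpable flag: no core dumps, and no ptrace attach by processes lacking CAP_SYS_PTRACE.` so nobody treats this as protection against a privileged local user. The function also has no doc comment; `// protect makes the signer process non-dumpable so key material is not written to core files.` above the signature would state the contract.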
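--- a/cmd/notary-signer/dump_unsupported.go
+++ b/cmd/notary-signer/dump_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package main
+
+func protect() error {
+return nil
+}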
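Review bot: On every non-Linux build protect() returns nil without doing anything, so the signer starts with core dumps and ptrace unrestricted and nothing in the code or the logs says so. A doc comment would make this fail-open behaviour explicit, for example `// protect is a no-op on this platform: the process stays dumpable and traceable.` If the signer is expected to run off Linux, a one-line warning at the call site in main.go would also surface the missing protection at startup.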
5 changes: 5 additions & 0 deletions cmd/notary-signer/main.go
@@ -50,6 +50,11 @@ func main() {

if flagStorage.debug {
go debugServer(debugAddr)
} else {
// If not in debug mode, stop tracing, core dumps if supported to help protect keys.
if err := protect(); err != nil {
logrus.Fatal(err.Error())
}
}

// when the signer starts print the version for debugging and issue logs later
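Review bot: `logrus.Fatal(err.Error())` exits with only the raw errno text from protect(), so an operator reading the log cannot tell which startup step failed; `logrus.Fatalf("could not make signer non-dumpable: %v", err)` names it. The debug branch leaves the process dumpable and traceable with no record in the log. A `logrus.Warn("debug mode: core dumps and ptrace are not disabled")` next to `go debugServer(debugAddr)` would make an accidentally enabled debug flag visible in production. main() begins and ends outside this hunk, so it is not visible whether keys or passphrases are already in memory at this point; the call is best placed before any secret is loaded.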