aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-08-13 22:58:37 -0400
committerMike Frysinger <vapier@gentoo.org>2015-08-20 10:38:35 -0400
commita743806ea4868371cf182f783fdcfbf1b1f98202 (patch)
treedcc780ac28414218d37628b599881d2683bd4cf7 /pspax.c
parentlddtree.sh: fix interp handling when doing a full listing (diff)
downloadpax-utils-a743806ea4868371cf182f783fdcfbf1b1f98202.tar.gz
pax-utils-a743806ea4868371cf182f783fdcfbf1b1f98202.tar.bz2
pax-utils-a743806ea4868371cf182f783fdcfbf1b1f98202.zip
security: leverage namespaces to restrict the runtime a bit
In practice this isn't terribly useful as people aren't attacking these tools, but might as well be paranoid. It'd be nice to use mount & net namespaces too, but they're way too slow.
Diffstat (limited to 'pspax.c')
-rw-r--r--pspax.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/pspax.c b/pspax.c
index e27b7eb..c64472c 100644
--- a/pspax.c
+++ b/pspax.c
@@ -535,6 +535,10 @@ int main(int argc, char *argv[])
{
char *name = NULL;
+ /* We unshare pidns but don't actually enter it. That means
+ * we still get to scan /proc, but just not fork children. */
+ security_init(false);
+
color_init(false);
parseargs(argc, argv);