Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Standalone: Switch to a hold-and-ask model (part 1) #174

Merged
merged 18 commits into from
Dec 19, 2024
Merged

Standalone: Switch to a hold-and-ask model (part 1) #174

merged 18 commits into from
Dec 19, 2024

Conversation

russellhancox
Copy link
Member

@russellhancox russellhancox commented Dec 16, 2024
edited
Loading

With these changes, instead of denying execution and then making a rule after authorization, now when in Standalone mode the execution will be allowed but the binary immediately paused with pid_suspend(). If the user authorizes the execution, the binary will be resumed with pid_resume() (as well as a rule being created). While a process is stopped pending user authorization, any other process attempting to send pid_resume() will be blocked. If the GUI is unavailable for any reason, the process will immediately be killed.

This PR does not change logging, so currently all held executions will be logged as if they were an allowed execution even though they may be killed later before the binary ever had the change to execute anything. This will be fixed in a follow-up PR.

@github-actions github-actions bot added comp/santad Issues or PRs related to the daemon size/m Size: medium labels Dec 17, 2024
@russellhancox russellhancox marked this pull request as ready for review December 17, 2024 16:26
@russellhancox russellhancox requested a review from a team as a code owner December 17, 2024 16:26
@github-actions github-actions bot added gui size/xl Size: extra large and removed size/m Size: medium labels Dec 18, 2024
@russellhancox
Standalone: Switch to a hold-and-ask model (part 1)
5ebe885 
With these changes, instead of denying execution and then making a rule after authorization, now when in Standalone mode the execution will be allowed but the binary immediately paused with SIGSTOP. If the user authorizes the execution, the binary will be resumed with SIGCONT (as well as a rule being created). While a process is stopped pending user authorization, any other process attempting to send SIGCONT will be blocked. If the GUI is unavailable for any reason, the process will immediately be killed.

This PR does not change logging, so currently all held executions will be logged as if they were an allowed execution even though they may be killed later before the binary ever had the change to execute anything. This will be fixed in a follow-up PR
@russellhancox
Review comments
b1ad992
@russellhancox
Fix tests, maybe
694534d
@russellhancox
Lint
8994d92
@russellhancox
Fix tests
a4354b5
@russellhancox
Avoid queue dispatch for auth_signal events needlessly
916850b
@russellhancox
Avoid postAction:forMessage: in signal handling
4778d02
@russellhancox
Switch to pid_suspend/pid_resume, add more TTY handling
92d85bd
@russellhancox russellhancox force-pushed the rah/standalone-hold-and-ask branch from aee0357 to 92d85bd Compare December 18, 2024 17:28
@github-actions github-actions bot added size/m Size: medium and removed size/xl Size: extra large labels Dec 18, 2024
mlw
mlw requested changes Dec 18, 2024
View reviewed changes
@russellhancox russellhancox requested a review from mlw December 19, 2024 16:30
mlw
mlw previously approved these changes Dec 19, 2024
View reviewed changes
@russellhancox russellhancox merged commit d2f4aa6 into northpolesec:main Dec 19, 2024
9 of 10 checks passed
@russellhancox russellhancox deleted the rah/standalone-hold-and-ask branch December 19, 2024 22:01
@russellhancox russellhancox added comp/gui Issues or PRs related to the Santa GUI and removed gui labels Jan 3, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mlw mlw mlw approved these changes

Assignees
No one assigned
Labels
comp/gui Issues or PRs related to the Santa GUI comp/santad Issues or PRs related to the daemon size/m Size: medium
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russellhancox @mlw