This repository has been archived by the owner on Jun 13, 2022. It is now read-only.

x13a/gexec

gexec

Execution guard.

  • Create in-memory file descriptor via memfd_create()
  • Check minisign or sha256
  • Exec via fexecve()

Installation

$ make
$ sudo make install

Usage

gexec [-h|V] [-x] [-P PUBLIC_KEY]
      [-E SIG_PATH] [-e SHA256]
      [-S SIG_PATH] [-s SHA256]
      <EXECUTABLE_PATH> [<SCRIPT_PATH>] [..ARGS]

[-h] * Print help and exit
[-V] * Print version and exit
[-x] * Use execve()
[-P] * Minisign base64 public key
[-E] * Executable signature path
[-e] * Executable hash
[-S] * Script signature path
[-s] * Script hash

Example

To check and exec binary (sha256):

$ gexec -e "SHA256" /usr/bin/uname -a

To check and exec script (sha256):

$ gexec -x -s "SCRIPT_SHA256" /usr/bin/python /path/to/file.py

To check and exec binary (minisign):

$ gexec -P "MINISIGN_BASE64_PUBLIC_KEY" /usr/bin/true

To exec binary from memory:

$ cat /usr/bin/uname | gexec -

To check and exec script from memory (sha256):

$ cat /path/to/file.py | gexec -x -s "SCRIPT_SHA256" /usr/bin/python -