Security
Overview
- Klunok starts as root.
- Klunok parses command-line parameters.
- Klunok initializes a fanotify API handle.
- Klunok performs bind mounts if necessary.
- Klunok drops privileges and exits if it cannot.
- Klunok parses Lua configuration.
- Klunok listens for fanotify events.
The only sensitive thing that Klunok holds after it drops privileges is
the stream of fanotify events.
Each event carries a read-only open file descriptor:
of an edited file, or of the executable of a newly started application.
The kernel hands over those descriptors regardless of whether the now
unprivileged Klunok could open the files itself.
Therefore, Klunok monitors only the current working directory by default.
This avoids receiving read-only file descriptors of, for example, /etc/shadow.
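The startup order above and the descriptor-carrying events are easiest to see in a small program. The following is an added example written for this page, not Klunok's own code: it acquires the fanotify handle and its mark while still root, drops to an unprivileged user (uid and gid 65534, "nobody", assumed as the default), verifies that the drop is irreversible, and then prints each event together with the access mode of the descriptor it carries. The bind mount of the working directory onto itself is this example's way of narrowing a mount mark to one directory tree; the page says Klunok performs bind mounts "if necessary" but not why, so treat that reading as an assumption. FAN_OPEN_EXEC needs Linux 5.0 or newer.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fanotify.h>
#include <sys/mount.h>
#include <unistd.h>

#ifndef FAN_OPEN_EXEC
#define FAN_OPEN_EXEC 0x00001000 /* uapi value; absent from pre-5.0 headers */
#endif
int setgroups(size_t n, const gid_t *groups); /* repeated for strict-POSIX header modes */

/* Drop to an unprivileged user, irreversibly. Supplementary groups go first
 * (only root may clear them), then the gid, then the uid: once the uid is no
 * longer 0 the other two calls would fail. Called as root, setgid/setuid set
 * the real, effective and saved ids, so no saved root id is left to return to. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) == -1) return -1;
    if (setgid(gid) == -1) return -1;
    if (setuid(uid) == -1) return -1;
    return 0;
}

/* 1 if the process is not root and cannot become root again, else 0.
 * The failing setuid(0) is the real check: a drop that left a saved
 * root id behind would let it succeed. */
int privileges_dropped(void) {
    if (geteuid() == 0) return 0;
    if (setuid(0) == 0) return 0;
    return errno == EPERM;
}

/* Resolve an event descriptor to a path via /proc (the descriptor itself
 * carries no name) and report whether it is read-only. */
static void report(const struct fanotify_event_metadata *m) {
    char link[64], path[PATH_MAX];
    snprintf(link, sizeof link, "/proc/self/fd/%d", m->fd);
    ssize_t len = readlink(link, path, sizeof path - 1);
    path[len < 0 ? 0 : len] = '\0';
    int mode = fcntl(m->fd, F_GETFL) & O_ACCMODE;
    printf("%s %s by pid %d (descriptor is %s)\n",
           (m->mask & FAN_CLOSE_WRITE) ? "written" : "executed",
           path, (int)m->pid, mode == O_RDONLY ? "read-only" : "writable");
}

int main(int argc, char **argv) {
    uid_t uid = argc > 1 ? (uid_t)atoi(argv[1]) : 65534; /* assumed default: nobody */
    gid_t gid = argc > 2 ? (gid_t)atoi(argv[2]) : 65534;

    if (geteuid() != 0) {
        fprintf(stderr, "fanotify_init needs CAP_SYS_ADMIN; run as root\n");
        return 1;
    }
    /* Privileged setup first: the handle, then the mark. A mount mark covers a
     * whole mount, so the working directory is bind-mounted onto itself to
     * narrow the mark to that tree instead of "/" or the mount containing it.
     * O_RDONLY as the event file flags is what makes every event fd read-only. */
    int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY);
    if (fan == -1) { perror("fanotify_init"); return 1; }
    if (mount(".", ".", NULL, MS_BIND, NULL) == -1) { perror("mount"); return 1; }
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT,
                      FAN_CLOSE_WRITE | FAN_OPEN_EXEC, AT_FDCWD, ".") == -1) {
        perror("fanotify_mark");
        return 1;
    }
    /* Then drop, and refuse to continue unless the drop can be verified. */
    if (drop_privileges(uid, gid) == -1 || !privileges_dropped()) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    /* From here on the only privileged thing held is `fan`. Events keep
     * arriving with open descriptors even for files this user could not open. */
    char buf[8192];
    for (;;) {
        ssize_t n = read(fan, buf, sizeof buf);
        if (n == -1) { perror("read"); return 1; }
        const struct fanotify_event_metadata *m = (const void *)buf;
        for (; FAN_EVENT_OK(m, n); m = FAN_EVENT_NEXT(m, n)) {
            if (m->vers != FANOTIFY_METADATA_VERSION) return 1;
            if (m->fd < 0) continue; /* FAN_NOFD: queue overflow, nothing to close */
            report(m);
            close(m->fd); /* every event fd must be closed, or they accumulate */
        }
    }
}
```

Build with `cc -o fanwatch fanwatch.c`, run it as root from the directory to be watched, then edit or execute a file there from another shell: each line reports the descriptor as read-only because of the O_RDONLY passed to fanotify_init. The bind mount outlives the program; remove it with `umount` on the same directory once you have stopped it.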
Best practices
- Avoid klunok -w /: a mark on the root of the filesystem delivers a descriptor for every file opened or executed anywhere on the system, /etc/shadow included.
- Do use the -e command-line option.
Security policy
Please see https://github.com/Kharacternyk/klunok/blob/master/SECURITY.md.
Static binary reproducibility
You can check that the distributed binary
has been built from the source without modifications
by reproducing the build locally with Nix.
The command below uses a flake reference, so Nix must have the
nix-command and flakes experimental features enabled.
For example, let's verify that the v0.1.1
release has not been tampered with:
nix build github:Kharacternyk/klunok/v0.1.1#static
curl -Lo binary https://github.com/Kharacternyk/klunok/releases/download/v0.1.1/klunok
cmp binary ./result/bin/klunok
cmp must print nothing and exit with status 0;
any output names the first differing byte, meaning the two binaries are not identical.
The -L flag is required because GitHub serves release assets through a redirect.