Process-hardening and permission-dropping as appropriate
C tor has a bunch of cute little features for hardening the process on different platforms, implemented in setuid.c and more places.
These are usually easy to apply once you know about them. We should take them in Arti. Some of these we should do unconditionally; some should live behind some kind of hardening option. An incomplete list:
- 32-bit windows:
- Disabling debugger attachment via
- Disabling core dumps.
- (See also #363 for capabilities and setuid.)
We probably don't want to implement:
- mlockall() to disable swapping
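As an added illustration of two items from the list above (disabling core dumps, and disabling debugger attachment), not code from C tor or Arti: on Linux, RLIMIT_CORE removes core files and PR_SET_DUMPABLE=0 additionally makes unprivileged ptrace attachment fail; the function and flag names here are the example's own, and the optional step is gated on a flag in the spirit of a hardening option.

```c
#include <errno.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Disable core dumps by lowering both the soft and hard RLIMIT_CORE to 0.
 * Lowering a hard limit needs no privilege, so this also works after
 * dropping root. Returns 0 on success, -1 on failure (errno set). */
int harden_disable_core_dumps(void) {
    struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(RLIMIT_CORE, &rl) == 0 ? 0 : -1;
}

/* Mark the process non-dumpable. On Linux this suppresses core dumps and
 * makes PTRACE_ATTACH from an unprivileged process fail with EPERM, which
 * is what "disabling debugger attachment" amounts to there. Other
 * platforms are not implemented in this example (ENOSYS). */
int harden_disable_debugger_attach(void) {
#ifdef __linux__
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Read-back checks so a caller can verify the settings actually took. */
int core_dump_limit_is_zero(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0) return 0;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

int process_is_dumpable(void) {
#ifdef __linux__
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); /* 0 means not dumpable */
#else
    return -1;
#endif
}

/* Core-dump disabling is applied unconditionally; the debugger step is
 * gated on a hypothetical hardening option. Returns 0 only if every
 * requested step succeeded. */
int apply_process_hardening(int disable_debugger) {
    if (harden_disable_core_dumps() != 0) return -1;
    if (disable_debugger && harden_disable_debugger_attach() != 0) return -1;
    return 0;
}
```

Apply this after any uid/gid change: on Linux a change of effective uid or gid resets the dumpable flag to the value in /proc/sys/fs/suid_dumpable, so setting it before setuid() does not stick.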