mirror of
https://github.com/uutils/shadow.git
synced 2026-06-10 16:14:57 -07:00
4ecf63ec1f
#154: Reject setuid multicall invocations where argv[0] doesn't match AT_EXECFN from the ELF auxiliary vector. Prevents an attacker from spoofing argv[0] to route the multicall binary to a different tool in setuid context. Only enforced when euid != uid. #155: Add daily cargo-audit workflow matching uutils/coreutils pattern. Also triggers on Cargo.toml/Cargo.lock changes. Fixes #154. Fixes #155.
20 lines
351 B
YAML
20 lines
351 B
YAML
name: Security audit
|
|
|
|
# spell-checker:ignore (misc) rustsec
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 0 * * *"
|
|
push:
|
|
paths:
|
|
- "**/Cargo.toml"
|
|
- "**/Cargo.lock"
|
|
jobs:
|
|
audit:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: rustsec/audit-check@v2
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|