From d2173cdbc03884ecd9534e9369f8ebe1634f7e9c Mon Sep 17 00:00:00 2001 From: James O'Doherty Date: Fri, 29 May 2026 21:07:46 -0400 Subject: feat: harden bootstrap and optimize network data path - Security: Eliminate namespace escape risk by removing `HostBind` and enforcing `FDBind` using pre-opened host socket FDs. - Security: Replace unsafe `atoi` with `strtol` and strict validation in the C launcher to prevent malformed PID joins. - Stability: Fix PID wraparound by storing session timestamps in PID files to detect recycled PIDs. - Stability: Resolve DNS mount leaks by implementing proper unmounting of `/etc/resolv.conf` during tunnel shutdown. - Performance: Optimize `FDBind` throughput by implementing batch packet processing in the receive loop. - Deployment: Implement `memfd_create` for the C launcher to support `noexec` temporary directories and reduce disk I/O. - Maintenance: Replace external `ip` CLI dependency with native `netlink` library for robust network configuration. - Quality: Fix all `golangci-lint` errors and replace remaining panics with explicit error handling.
---
 internal/namespace/launcher_src/launcher.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'internal/namespace/launcher_src/launcher.c')
diff --git a/internal/namespace/launcher_src/launcher.c b/internal/namespace/launcher_src/launcher.c
index 60c6558..3f1b919 100644
--- a/internal/namespace/launcher_src/launcher.c
+++ b/internal/namespace/launcher_src/launcher.c
@@ -16,7 +16,14 @@ int main(int argc, char **argv) {
     // Check if we are joining an existing namespace
     char *join_pid_str = getenv("WG_WRAP_JOIN_PID");
     if (join_pid_str != NULL && strlen(join_pid_str) > 0) {
-        int target_pid = atoi(join_pid_str);
+        char *endptr;
+        long target_pid = strtol(join_pid_str, &endptr, 10);
+
+        if (*endptr != '\0' || target_pid <= 0) {
+            fprintf(stderr, "Invalid WG_WRAP_JOIN_PID: %s\n", join_pid_str);
+            return 1;
+        }
+
         if (target_pid > 0) {
             char path[128];
             int fd;
-- 
cgit v1.2.3
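Review bot: The guard after strtol does not catch overflow: a digit string beyond LONG_MAX leaves endptr at the terminator and errno set to ERANGE, and the returned LONG_MAX passes the `target_pid <= 0` test, while any value above the range of pid_t (an int on Linux) survives validation and is silently truncated wherever the long is later narrowed. Set `errno = 0;` before the call and widen the check to `if (endptr == join_pid_str || *endptr != '\0' || errno == ERANGE || target_pid <= 0 || target_pid > INT_MAX)`, which needs <errno.h> and <limits.h> if they are not already included above the hunk. strtol also accepts leading whitespace and a sign, so inputs like `" 5"` or `"+5"` are accepted; if only plain decimal digits are intended, reject a first character that is not a digit. The retained `if (target_pid > 0)` on the context line is now always true after the new guard and could be dropped or annotated as such. main() begins before the hunk and continues past it.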