Call harden_process() at startup to disable core dumps #27

Merged: jgowdy-godaddy merged 1 commit into main from feat/call-harden-process on Apr 16, 2026
@jgowdy-godaddy
Contributor

Summary

  • Adds enclaveapp_core::process::harden_process() as the first call in main() for both binaries: awsenc-cli and awsenc-tpm-bridge
  • Adds enclaveapp-core dependency to awsenc-tpm-bridge crate (awsenc-cli already had it)

Dependency

Requires libenclaveapp PR #44 to be merged first -- the process module is introduced there. CI will fail until that PR lands and the enclaveapp-core dependency is updated.

Test plan

  • cargo build --workspace passes locally
  • cargo test --workspace passes locally
  • cargo clippy --workspace --all-targets -- -D warnings passes locally
  • cargo fmt --all -- --check passes locally

Add enclaveapp_core::process::harden_process() as the first call in
main() for both binaries (awsenc-cli, awsenc-tpm-bridge). This
disables core dumps before any secrets are loaded.
@jgowdy-godaddy jgowdy-godaddy merged commit 3f7af8f into main Apr 16, 2026
3 of 6 checks passed
@jgowdy-godaddy jgowdy-godaddy deleted the feat/call-harden-process branch April 17, 2026 03:49
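
One way to disable core dumps as the first statement of `main()` on Unix, as an added example that is not code from this PR or from enclaveapp-core (the `harden_process()` implementation is not shown on this page). The names `disable_core_dumps`, `core_limit` and `is_dumpable` are hypothetical, and the libc symbols are declared by hand so the block builds without external crates.

```rust
// Added illustration; NOT the enclaveapp-core implementation of harden_process().
use std::io;
use std::os::raw::{c_int, c_ulong};

#[repr(C)]
struct Rlimit { cur: c_ulong, max: c_ulong } // struct rlimit on 64-bit Linux/macOS
const RLIMIT_CORE: c_int = 4; // same value on Linux and macOS
const PR_GET_DUMPABLE: c_int = 3; // Linux-only prctl options
const PR_SET_DUMPABLE: c_int = 4;

extern "C" {
    fn getrlimit(resource: c_int, rlim: *mut Rlimit) -> c_int;
    fn setrlimit(resource: c_int, rlim: *const Rlimit) -> c_int;
    #[cfg(target_os = "linux")]
    fn prctl(option: c_int, ...) -> c_int;
}

/// Hypothetical stand-in for a hardening call. Zeroes the soft and hard core
/// limits (a zero hard limit cannot be raised again without privilege) and, on
/// Linux, clears the dumpable flag, which also blocks same-user ptrace attach.
pub fn disable_core_dumps() -> io::Result<()> {
    let zero = Rlimit { cur: 0, max: 0 };
    let mut rc = unsafe { setrlimit(RLIMIT_CORE, &zero) };
    #[cfg(target_os = "linux")]
    { if rc == 0 { rc = unsafe { prctl(PR_SET_DUMPABLE, 0 as c_ulong) }; } }
    if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// Read back the (soft, hard) RLIMIT_CORE values the kernel now enforces.
pub fn core_limit() -> io::Result<(u64, u64)> {
    let mut r = Rlimit { cur: 0, max: 0 };
    if unsafe { getrlimit(RLIMIT_CORE, &mut r) } != 0 {
        return Err(io::Error::last_os_error());
    }
    Ok((r.cur as u64, r.max as u64))
}

/// Linux only: true while the kernel still treats the process as dumpable.
#[cfg(target_os = "linux")]
pub fn is_dumpable() -> bool {
    unsafe { prctl(PR_GET_DUMPABLE, 0 as c_ulong) == 1 }
}

fn main() -> io::Result<()> {
    disable_core_dumps()?; // first statement, before any secret is loaded
    println!("RLIMIT_CORE (soft, hard) = {:?}", core_limit()?);
    #[cfg(target_os = "linux")]
    println!("dumpable = {}", is_dumpable());
    Ok(())
}
```

Reading the limit back after the call, rather than trusting the return code alone, gives a startup check that can be logged or asserted in CI.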