prctl(PR_SET_DUMPABLE, 0) via libc FFI. Blocks same-UID ptrace of this process, so a prompt-injected `gdb -p $PPID` can't scrape the token from the heap. Linux-only; silently no-ops elsewhere.
()
| 223 | * the heap. Linux-only; silently no-ops elsewhere. |
| 224 | */ |
function setNonDumpable(): void {
  // Only attempt the call on Linux under Bun; any other platform or runtime
  // returns here without logging anything.
  if (process.platform !== 'linux') return
  if (typeof Bun === 'undefined') return

  // Value of PR_SET_DUMPABLE in <linux/prctl.h>.
  const PR_SET_DUMPABLE = 4

  try {
    // eslint-disable-next-line @typescript-eslint/no-require-imports
    const { dlopen } = require('bun:ffi') as typeof import('bun:ffi')
    // NOTE(review): 'libc.so.6' is the glibc soname. On a Linux image without
    // it (e.g. musl-based), dlopen presumably throws and the catch below is
    // taken, leaving the process dumpable. Confirm the target images.
    const libc = dlopen('libc.so.6', {
      prctl: {
        args: ['int', 'u64', 'u64', 'u64', 'u64'],
        returns: 'int',
      },
    } as const)

    // Clearing the dumpable flag refuses ptrace attach from unprivileged
    // same-UID processes. It does not stop a tracer holding CAP_SYS_PTRACE
    // (root), so treat it as hardening, not as a boundary.
    const status = libc.symbols.prctl(PR_SET_DUMPABLE, 0n, 0n, 0n, 0n)
    if (status === 0) return

    // Fail-open: a nonzero return is only reported through logForDebugging;
    // the caller gets no signal and the process keeps running.
    // NOTE(review): confirm that is acceptable wherever the token is held.
    logForDebugging(
      '[upstreamproxy] prctl(PR_SET_DUMPABLE,0) returned nonzero',
      { level: 'warn' },
    )
  } catch (failure) {
    // Same fail-open behaviour when bun:ffi, dlopen or the call itself
    // throws: log at 'warn' and continue without the hardening applied.
    const reason = failure instanceof Error ? failure.message : String(failure)
    logForDebugging(`[upstreamproxy] prctl unavailable: ${reason}`, {
      level: 'warn',
    })
  }
}
| 253 | |
| 254 | async function downloadCaBundle( |
| 255 | baseUrl: string, |