-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
santa daemon should have a mechanism to prevent being killed by users with root privileges. #1235
Comments
Santa currently has some basic tamper resistance features, but we should expand upon these, including better signal handling. It is something we'd like to get to eventually. While handling signals is definitely doable, it does have some tricky edge cases that need to be cleanly handled. The It's worth noting the more something is locked down, the more difficult it is for field support and unblocking users in weird states. As suggested, gating the level of headache an admin wants to enjoy behind config options could be one way to better stomach stronger tamper resistance mechanisms. |
If I have root privileges, I can bypass the allowlist mechanism by repeatedly killing santa daemon in a loop.
I have observed other security software that cannot be killed even if I have root privileges.
Is it possible to implement a feature to control whether santa daemon can be killed through a configuration field? thanks~
The text was updated successfully, but these errors were encountered: