chalk
chalk copied to clipboard
crashappsec
ensure exec cant segfault
Description
Currently in chalk exec there are lots of things which happen between chalk main() and calling exec. If there is a bug anywhere in there chalk can segfault without ever calling exec of the command. If possible we should add segfault handler or something like that where in catastrophic case chalk still calls the underlying command.
Otherwise things like https://github.com/crashappsec/chalk/issues/186 can happen where a small bug in some flow can cause a segfault which is especially critical when wrapping containers entrypoint making those containers not usable.
Result
This will make chalk exec system a lot more robust for mission critical paths like exec.
Not sure what are the available options here so creating generic ticket as a placeholder for now
cc @drraid @ee7 if you have any thoughts
