Skip to content

Security: DanaResearchGroup/GuardARC

Security

SECURITY.md

Security Policy

GuardARC runs with elevated privileges (it signals processes, tears down sockets, and installs nftables rules), so bugs in those paths are security-sensitive.

Privilege model

  • The monitoring/alerting path needs only read access to local socket state (ss) and the ability to run the Slack helper.
  • The enforcement path (SIGSTOP/SIGCONT, ss --kill, nft install/remove) needs root. Grant the narrowest privilege that works for your deployment.
  • GuardARC never authenticates to or connects to a monitored server. It must never hold remote credentials.

Hard invariants (do not regress)

  • Signalling is strictly by PID, never pattern-based — the guard must never be able to kill itself or an unrelated process.
  • The guard self-excludes its own PID from counting and enforcement.
  • All destructive actions are scoped to a specific target peer and owning PID.

Reporting a vulnerability

Report privately to the maintainers (Dana Research Group, Technion) rather than opening a public issue. Include the version, platform, and a minimal reproduction.

There aren't any published security advisories