hardhat
Develop, test, and deploy smart contracts
TLDR
List available subcommands (or create a new project if no configuration exists)
Compile the current project and build all artifacts
Run a user-defined script after compiling the project
Run Mocha tests
Run all given test files
Start a local Ethereum JSON-RPC node for development
Start a local Ethereum JSON-RPC node with a specific hostname and port
Clean the cache and all artifacts
SYNOPSIS
hardhat [options] -- command [arguments]
PARAMETERS
--command command
The command to execute within the sandboxed environment.
--config file
Path to the configuration file specifying sandbox settings.
--root directory
The root directory for the namespace. Effectively chroots the process.
--user username
The user to run the command as.
--group groupname
The group to run the command as.
--net
Enable networking in the namespace.
--no-new-privs
Set the no_new_privs bit on the process.
--seccomp-profile profile
Path to the seccomp profile to use.
DESCRIPTION
Hardlink Attacker Detection Handler (hardhat) is a security tool designed to execute commands within a restricted environment. It leverages Linux namespaces, seccomp, and cgroups to isolate processes, limit system call access, and control resource usage. This helps prevent attackers from exploiting vulnerabilities in executed commands to gain unauthorized access to the system or cause damage.
Hardhat is particularly useful for sandboxing untrusted code, isolating build processes, or running potentially malicious scripts in a safe and controlled manner. By restricting the capabilities of the executed command, hardhat mitigates the risk of privilege escalation, data breaches, and other security threats.
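The two kernel restrictions named in the parameters above (the no_new_privs bit and a seccomp filter) can be observed directly. The following C program is an added example, not hardhat's own code: in a forked child it sets no_new_privs, installs a seccomp filter, and checks that a filtered system call is refused. The function names and the choice of getppid as the blocked call are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Runs in the child. Returns 0 if both restrictions took effect,
 * otherwise 1..4 for the step that failed. */
static int sandbox_child(void)
{
    /* Illustrative filter: getppid fails with EPERM, everything else runs.
     * A production filter must first check seccomp_data.arch and should
     * default to deny, allowing only the calls the workload needs. */
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = {
        .len = sizeof(prog) / sizeof(prog[0]),
        .filter = prog,
    };

    /* no_new_privs: execve() can no longer grant privileges (setuid bits,
     * file capabilities). It is also required before an unprivileged
     * process may install a seccomp filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 1;
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1) return 2;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) return 3;

    /* The filtered call must now be refused by the kernel. */
    errno = 0;
    if (syscall(__NR_getppid) != -1 || errno != EPERM) return 4;
    return 0;
}

/* Fork so the restrictions apply only to the child; both are irreversible
 * and inherited. Returns the child's result, or -1 on fork/wait failure. */
int run_restricted_probe(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(sandbox_child());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { return run_restricted_probe(); }
```

An exit status of 0 means both restrictions were applied and enforced; any other value identifies the step that failed, which is the kind of check worth running when validating a sandbox configuration.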
CAVEATS
Hardhat's effectiveness depends on the completeness and correctness of its configuration. Insufficiently restrictive configurations may still allow attackers to bypass the sandbox. Networking restrictions may impact intended functionality.
CONFIGURATION FILES
Hardhat's behavior is heavily influenced by configuration files. These files specify the resource limits, system call filters, and other restrictions applied to the sandboxed environment. Properly crafted configuration files are crucial for effective sandboxing.
SECURITY CONSIDERATIONS
While hardhat significantly enhances security, it is not a silver bullet. It's essential to regularly audit and update the hardhat configuration and the underlying system to address potential vulnerabilities. Attackers may attempt to exploit weaknesses in the hardhat implementation or the configured restrictions.
HISTORY
Hardhat development is driven by the need for robust sandboxing solutions in environments where untrusted code must be executed. It evolved from earlier sandboxing techniques and incorporates modern Linux kernel features like namespaces, seccomp, and cgroups for enhanced security. Its usage is increasing as security awareness and the complexity of potential attacks grow.