awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

12 repository-uri

Awesome GitHub RepositoriesPrivileged Process Isolation

Mechanisms for executing administrative tasks in isolated, secure processes to minimize system attack surfaces.

Distinguishing note: Focuses on process-level security isolation for administrative tasks, distinct from general-purpose authentication or encryption libraries.

Explore 12 awesome GitHub repositories matching security & cryptography · Privileged Process Isolation. Refine with filters or upvote what's useful.

Awesome Privileged Process Isolation GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • chen08209/flclashAvatar chen08209

    chen08209/FlClash

    42,627Vezi pe GitHub↗

    FlClash is a cross-platform proxy client designed to manage network traffic through configurable rules and system-level tunnel integration. It functions as a native system orchestrator, coordinating application lifecycle events and background services across desktop and mobile environments. The application utilizes a modular architecture that enables extensibility through local plugins and foreign function interfaces, allowing for direct interaction with native system libraries. It maintains security by isolating restricted administrative tasks within a privileged helper process, which valida

    Executes restricted administrative tasks in a separate secure process to safely manage system network tunnels and core services.

    Dartclashclash-metaflutter
    Vezi pe GitHub↗42,627
  • rikkaapps/shizukuAvatar RikkaApps

    RikkaApps/Shizuku

    26,413Vezi pe GitHub↗

    Shizuku is a framework that enables standard mobile applications to interact with restricted system-level interfaces and services. By acting as a bridge between the user space and protected system functions, it allows applications to perform privileged operations that are typically inaccessible due to standard operating system sandbox limitations. The project functions by routing requests through a persistent background service, which facilitates communication with internal system services and remote interfaces. This architecture allows for the execution of system-level tasks and the manageme

    Routes restricted system requests through a high-privilege background process to bypass sandbox limitations.

    Kotlin
    Vezi pe GitHub↗26,413
  • vonng/ddiaAvatar Vonng

    Vonng/ddia

    22,648Vezi pe GitHub↗

    This project serves as a comprehensive technical reference for the architecture and design of data-intensive applications. It provides a structured analysis of the fundamental principles required to build reliable, scalable, and maintainable software systems, covering the core trade-offs inherent in modern data infrastructure. The repository explores the mechanics of distributed data management, including strategies for replication, partitioning, and achieving consensus across multiple nodes. It details the design of storage engines, indexing techniques, and transaction management models, whi

    Implements process-level security isolation to minimize system attack surfaces and manage authority.

    Pythonbookdatabaseddia
    Vezi pe GitHub↗22,648
  • opa334/trollstoreAvatar opa334

    opa334/TrollStore

    21,573Vezi pe GitHub↗

    TrollStore is an application installer for iOS that enables the deployment of unsigned software on restricted mobile devices. By bypassing standard code signature verification and security sandbox requirements, it allows users to install and execute applications that originate from outside official distribution channels. The utility functions as an entitlement injection tool, modifying application metadata during installation to grant elevated system permissions. It achieves this by injecting developer certificates into software bundles and utilizing kernel-level modifications to permit the e

    Executes application binaries with elevated system credentials to bypass standard security sandboxes.

    Objective-C
    Vezi pe GitHub↗21,573
  • qdm12/gluetunAvatar qdm12

    qdm12/gluetun

    13,056Vezi pe GitHub↗

    Gluetun is a containerized network utility designed to route traffic from multiple Docker containers through a secure virtual private network tunnel. It functions as a network gateway that encapsulates outgoing internet traffic to provide privacy and security for isolated application services. The project distinguishes itself by utilizing Linux network namespaces to isolate container traffic, ensuring that all outgoing packets are forced through a dedicated tunnel interface. It supports both OpenVPN and WireGuard protocols, managing the connection lifecycle and routing logic as a sidecar cont

    Executes network configuration tasks in isolated, privileged processes to manage kernel routing tables securely.

    Goalpinecyberghostdns-over-tls
    Vezi pe GitHub↗13,056
  • benoitc/gunicornAvatar benoitc

    benoitc/gunicorn

    10,443Vezi pe GitHub↗

    Gunicorn is a production-grade WSGI HTTP server designed for deploying Python web applications. It functions as a process manager that utilizes a pre-fork worker model, where a master process initializes the application and spawns multiple child processes to handle incoming requests in parallel. This architecture ensures high performance and stability by isolating application execution within persistent worker processes. The server distinguishes itself through its flexible concurrency models and robust process lifecycle management. It supports interchangeable worker types, including synchrono

    Executes worker processes under specific user and group identities to enforce security and minimize attack surfaces.

    Pythonhttphttp-serverpython
    Vezi pe GitHub↗10,443
  • powershell/win32-opensshAvatar PowerShell

    PowerShell/Win32-OpenSSH

    8,167Vezi pe GitHub↗

    Win32-OpenSSH is a secure shell suite that provides an OpenSSH port for Windows operating systems. It consists of an SSH server for remote management and authentication, a secure shell client for establishing encrypted connections, and an SFTP server for managing files. The project enables secure remote administration of Windows servers and workstations via a command line interface. It supports encrypted file transfers using SFTP and SCP protocols and allows for cross-platform remote management of Windows systems from Linux or macOS environments. The implementation integrates with Windows se

    Uses a privilege-separated process model to isolate the monitor from unprivileged child processes for increased security.

    csshwindows
    Vezi pe GitHub↗8,167
  • tianon/gosuAvatar tianon

    tianon/gosu

    4,978Vezi pe GitHub↗

    gosu este un comutator de identitate a utilizatorului bazat pe Go și un wrapper de proces conceput pentru a executa comenzi sub o identitate specifică de utilizator și grup. Acesta funcționează ca un binar ușor pentru comutarea identităților utilizatorului și redirecționarea semnalelor înainte de a executa un proces țintă. Instrumentul se concentrează pe optimizarea entrypoint-ului containerului și gestionarea utilizatorilor în containerele Docker. Acesta permite executarea proceselor ca utilizatori non-root, asigurându-se în același timp că semnalele sistemului de operare ajung la procesul copil și că comanda țintă este stabilită ca proces principal. Utilitarul gestionează comutarea identității procesului Linux și execuția proceselor privilegiate. Utilizează apeluri de sistem pentru comutarea identității și oferă moștenirea fluxului standard pentru a conecta procesul țintă la fluxurile de intrare și ieșire existente.

    Executes binaries with specific user/group credentials while ensuring proper environment variable inheritance.

    Shell
    Vezi pe GitHub↗4,978
  • trifectatechfoundation/sudo-rsAvatar trifectatechfoundation

    trifectatechfoundation/sudo-rs

    4,410Vezi pe GitHub↗

    sudo-rs este un utilitar de sistem low-level și un executor de comenzi privilegiate scris în Rust. Acesta oferă o implementare sigură pentru memorie a sudo și su pentru rularea programelor cu permisiuni de superuser sau utilizator alternativ și comutarea privilegiilor de sesiune către alte identități de utilizator locale. Proiectul se integrează cu modulele de securitate ale kernel-ului pentru a funcționa ca un lansator de procese sandbox, restricționând resursele sistemului și capabilitățile procesului în timpul execuției. Utilitarul include suport pentru localizarea sistemului în mai multe limbi, utilizând cataloage de mesaje compilate pentru a oferi text de interfață tradus în funcție de setările regionale ale sistemului.

    Provides mechanisms to spawn new system processes with elevated root-level credentials by altering user and group IDs.

    Rust
    Vezi pe GitHub↗4,410
  • linuxserver/docker-webtopAvatar linuxserver

    linuxserver/docker-webtop

    3,936Vezi pe GitHub↗

    This project is a containerized Linux desktop streamer that renders a full operating system interface in a web browser using encoded video streams. It allows for remote access to various Linux distributions and serves as a platform for browser-based application hosting. The system supports GPU acceleration via KVM and direct hardware passthrough to enable low-latency graphics rendering and video encoding. It also features volume mapping for home directory persistence, ensuring that user data and portable applications survive environment updates. Additional capabilities include the creation o

    Creates a secure kiosk environment by disabling terminal and sudo access.

    Shellalpinearchdocker
    Vezi pe GitHub↗3,936
  • jorisvink/koreAvatar jorisvink

    jorisvink/kore

    3,825Vezi pe GitHub↗

    Kore is an event-driven web and WebSocket server framework designed for building high-performance web services and APIs in C or Python. It functions as a secure, concurrent application framework that utilizes non-blocking I/O and isolated worker processes to handle high-concurrency traffic. The project is distinguished by a security-first architecture that features OS-level process sandboxing, privilege separation, and the isolation of private encryption keys into dedicated processes. It enables zero-downtime deployments through dynamic module hot-reloading and provides automated TLS certific

    Isolates private encryption keys into dedicated processes to prevent compromise of the primary worker processes.

    Ccframeworkhigh-performance
    Vezi pe GitHub↗3,825
  • reisxd/tizentubecobaltAvatar reisxd

    reisxd/TizenTubeCobalt

    2,493Vezi pe GitHub↗

    TizenTubeCobalt is a third-party YouTube client and ad-blocking video player developed for the Tizen operating system. It functions as a Tizen OS application that bridges native C++ functions with JavaScript execution to provide a customized media experience on smart TVs. The application distinguishes itself through advanced content filtering and playback optimizations. It removes video advertisements and uses community-sourced data to automatically skip sponsored segments. Additionally, it includes a video content filter to remove clickbait titles and misleading thumbnails. The project cove

    Utilizes operating system primitives to restrict process privileges and isolate sensitive operations from the main application.

    Vezi pe GitHub↗2,493
  1. Home
  2. Security & Cryptography
  3. Privileged Process Isolation

Explorează sub-etichetele

  • Key Isolation ProcessesProcesses specifically designed to isolate cryptographic keys from the main application logic. **Distinct from Privileged Process Isolation:** Distinct from Privileged Process Isolation: focuses specifically on isolating encryption keys rather than general administrative tasks.
  • Kiosk Environment IsolationRestricting shell access and administrative privileges to create a locked-down user environment. **Distinct from Privileged Process Isolation:** Specifically creates a kiosk by disabling terminals and sudo, rather than just isolating administrative processes.
  • Privileged Process SpawnersMechanisms for executing application binaries with root-level credentials to bypass sandboxing. **Distinct from Privileged Process Isolation:** Distinct from privileged process isolation: focuses on spawning processes with elevated credentials rather than just isolating them.