tailscale/ssh/tailssh/incubator_darwin.go
Adam Eijdenberg 5e34bd61c8 ssh/tailssh: limit setgroups to 16 on macOS
Fixes #4938

Signed-off-by: Adam Eijdenberg <adam@continusec.com>
(cherry picked from commit 9294a14a37)
2022-07-05 09:56:51 -07:00

22 lines
907 B
Go

// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tailssh
import "syscall"
func (ia *incubatorArgs) loginArgs() []string {
return []string{ia.loginCmdPath, "-fp", "-h", ia.remoteIP, ia.localUser}
}
func setGroups(groupIDs []int) error {
// darwin returns "invalid argument" if more than 16 groups are passed to syscall.Setgroups
// some info can be found here:
// https://opensource.apple.com/source/samba/samba-187.8/patches/support-darwin-initgroups-syscall.auto.html
// this fix isn't great, as anyone reading this has probably just wasted hours figuring out why
// some permissions thing isn't working, due to some arbitrary group ordering, but it at least allows
// this to work for more things than it previously did.
return syscall.Setgroups(groupIDs[:16])
}