2024-09-22 15:46:54 +00:00
|
|
|
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
|
|
|
|
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
|
|
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2024-11-18 00:37:07 +03:00
|
|
|
"os/user"
|
2024-09-22 15:46:54 +00:00
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2024-11-18 00:37:07 +03:00
|
|
|
|
|
|
|
|
"golang.org/x/sys/unix"
|
2024-09-22 15:46:54 +00:00
|
|
|
)
|
|
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
func chuser(input string) error {
|
|
|
|
|
givenUser, givenGroup, _ := strings.Cut(input, ":")
|
2024-12-13 16:54:14 +00:00
|
|
|
if givenUser == "" {
|
|
|
|
|
return fmt.Errorf("user is empty")
|
|
|
|
|
}
|
|
|
|
|
if strings.Index(input, ":") > -1 && givenGroup == "" {
|
|
|
|
|
return fmt.Errorf("group is empty")
|
|
|
|
|
}
|
2024-09-22 15:46:54 +00:00
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
var (
|
|
|
|
|
err error
|
|
|
|
|
usr *user.User
|
|
|
|
|
grp *user.Group
|
|
|
|
|
uid, gid int
|
|
|
|
|
)
|
2024-09-22 15:46:54 +00:00
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
if usr, err = user.LookupId(givenUser); err != nil {
|
|
|
|
|
if usr, err = user.Lookup(givenUser); err != nil {
|
|
|
|
|
return err
|
2024-09-22 15:46:54 +00:00
|
|
|
}
|
|
|
|
|
}
|
2024-11-18 00:37:07 +03:00
|
|
|
if uid, err = strconv.Atoi(usr.Uid); err != nil {
|
|
|
|
|
return err
|
2024-09-22 15:46:54 +00:00
|
|
|
}
|
|
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
if givenGroup != "" {
|
|
|
|
|
if grp, err = user.LookupGroupId(givenGroup); err != nil {
|
|
|
|
|
if grp, err = user.LookupGroup(givenGroup); err != nil {
|
|
|
|
|
return err
|
Set groups when dropping privileges to not leak supplementary group access (#1202)
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.
The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).
For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest
```
Fix that so the process runs as mere
```
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody nobody
```
Fixes #927.
2024-11-11 22:28:28 +03:00
|
|
|
}
|
2024-09-22 15:46:54 +00:00
|
|
|
}
|
|
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
gid, _ = strconv.Atoi(grp.Gid)
|
|
|
|
|
} else {
|
|
|
|
|
gid, _ = strconv.Atoi(usr.Gid)
|
2024-09-22 15:46:54 +00:00
|
|
|
}
|
|
|
|
|
|
2024-11-18 00:37:07 +03:00
|
|
|
if err := unix.Setgroups([]int{gid}); err != nil {
|
|
|
|
|
return fmt.Errorf("setgroups: %d: %v", gid, err)
|
|
|
|
|
}
|
|
|
|
|
if err := unix.Setgid(gid); err != nil {
|
|
|
|
|
return fmt.Errorf("setgid: %d: %v", gid, err)
|
|
|
|
|
}
|
|
|
|
|
if err := unix.Setuid(uid); err != nil {
|
|
|
|
|
return fmt.Errorf("setuid: %d: %v", uid, err)
|
2024-09-22 15:46:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
