TheArchive/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2024-11-27 12:05:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
67ec5a92b3
yggdrasil-go/cmd/yggdrasil/chuser_unix.go

94 lines
2.1 KiB
Go
Raw Normal View History

argument to change uid/gid (#927) different from https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it can resolve user names, automatically use user's primary gid & allows specifying gid in the same argument, with `:` eg `username:groupname`. feel free to criticize & suggest different argument name & description because i didn't put much of thought to that. --------- Co-authored-by: Neil <git@neilalexander.dev> Co-authored-by: VNAT <xepjk@protonmail.com> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-22 15:46:54 +00:00
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
package main
import (
"errors"
"fmt"
"math"
osuser "os/user"
"strconv"
"strings"
"syscall"
)
func chuser(user string) error {
group := ""
if i := strings.IndexByte(user, ':'); i >= 0 {
user, group = user[:i], user[i+1:]
}
u := (*osuser.User)(nil)
g := (*osuser.Group)(nil)
if user != "" {
if _, err := strconv.ParseUint(user, 10, 32); err == nil {
u, err = osuser.LookupId(user)
if err != nil {
return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
}
} else {
u, err = osuser.Lookup(user)
if err != nil {
return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
}
}
}
if group != "" {
if _, err := strconv.ParseUint(group, 10, 32); err == nil {
g, err = osuser.LookupGroupId(group)
if err != nil {
return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
}
} else {
g, err = osuser.LookupGroup(group)
if err != nil {
return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
}
}
}
if g != nil {
gid, _ := strconv.ParseUint(g.Gid, 10, 32)
var err error
if gid < math.MaxInt {
Set groups when dropping privileges to not leak supplementary group access (#1202) Changing the real and effective user/group IDs and the saved set-user/group-ID is not enough to get rid of intial access permissions. The list of groups must be cleared also, otherwise a process changing from, e.g. `root:root` to `nobody:nobody` retains rights to access `:wheel` files (assuming `root` is a member of the `wheel` group). For example: ``` # id uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) # ./yggdrasil -autoconf -logto /dev/null -user nobody & [1] 4337 # ps -o command,user,group,supgrp -U nobody COMMAND USER GROUP SUPGRP ./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest ``` Fix that so the process runs as mere ``` COMMAND USER GROUP SUPGRP ./yggdrasil -aut nobody nobody nobody ``` Fixes #927.
2024-11-11 19:28:28 +00:00
if err := syscall.Setgroups([]int{int(gid)}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
}
argument to change uid/gid (#927) different from https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it can resolve user names, automatically use user's primary gid & allows specifying gid in the same argument, with `:` eg `username:groupname`. feel free to criticize & suggest different argument name & description because i didn't put much of thought to that. --------- Co-authored-by: Neil <git@neilalexander.dev> Co-authored-by: VNAT <xepjk@protonmail.com> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-22 15:46:54 +00:00
err = syscall.Setgid(int(gid))
} else {
err = errors.New("gid too big")
}
if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
} else if u != nil {
gid, _ := strconv.ParseUint(u.Gid, 10, 32)
Set groups when dropping privileges to not leak supplementary group access (#1202) Changing the real and effective user/group IDs and the saved set-user/group-ID is not enough to get rid of intial access permissions. The list of groups must be cleared also, otherwise a process changing from, e.g. `root:root` to `nobody:nobody` retains rights to access `:wheel` files (assuming `root` is a member of the `wheel` group). For example: ``` # id uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) # ./yggdrasil -autoconf -logto /dev/null -user nobody & [1] 4337 # ps -o command,user,group,supgrp -U nobody COMMAND USER GROUP SUPGRP ./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest ``` Fix that so the process runs as mere ``` COMMAND USER GROUP SUPGRP ./yggdrasil -aut nobody nobody nobody ``` Fixes #927.
2024-11-11 19:28:28 +00:00
if err := syscall.Setgroups([]int{int(uint32(gid))}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
}
argument to change uid/gid (#927) different from https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it can resolve user names, automatically use user's primary gid & allows specifying gid in the same argument, with `:` eg `username:groupname`. feel free to criticize & suggest different argument name & description because i didn't put much of thought to that. --------- Co-authored-by: Neil <git@neilalexander.dev> Co-authored-by: VNAT <xepjk@protonmail.com> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-22 15:46:54 +00:00
err := syscall.Setgid(int(uint32(gid)))
if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
}
if u != nil {
uid, _ := strconv.ParseUint(u.Uid, 10, 32)
var err error
if uid < math.MaxInt {
err = syscall.Setuid(int(uid))
} else {
err = errors.New("uid too big")
}
if err != nil {
return fmt.Errorf("failed to setuid %d: %v", uid, err)
}
}
return nil
}
Reference in New Issue Copy Permalink