diff options
| author | sid77 <sid77@slackware.it> | 2016-08-21 02:00:41 +0200 |
|---|---|---|
| committer | Marco Bonetti <marco@intercom.io> | 2016-08-26 10:04:41 +0100 |
| commit | 4028762f4a81a59ccc6d6e5662fa7e341fc74336 (patch) | |
| tree | 0124ed9d2cf5ef154c2d4923643d9bdcc1edb638 /vendor | |
| parent | bc966492134279c03458cab2ed2f2f51104ee283 (diff) | |
First attempt at dropping privileges
Diffstat (limited to 'vendor')
| -rw-r--r-- | vendor/github.com/sid77/drop/LICENSE | 21 | ||||
| -rw-r--r-- | vendor/github.com/sid77/drop/drop.go | 35 | ||||
| -rw-r--r-- | vendor/github.com/sid77/drop/syscall/setre.go | 17 | ||||
| -rw-r--r-- | vendor/github.com/sid77/drop/syscall/setres.go | 17 |
4 files changed, 90 insertions, 0 deletions
diff --git a/vendor/github.com/sid77/drop/LICENSE b/vendor/github.com/sid77/drop/LICENSE new file mode 100644 index 0000000..37004bf --- /dev/null +++ b/vendor/github.com/sid77/drop/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 Marco Bonetti + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/sid77/drop/drop.go b/vendor/github.com/sid77/drop/drop.go new file mode 100644 index 0000000..0fb64a9 --- /dev/null +++ b/vendor/github.com/sid77/drop/drop.go @@ -0,0 +1,35 @@ +package drop + +import ( + "os/user" + "strconv" + + "github.com/sid77/drop/syscall" +) + +func DropPrivileges(runAsUser string) (err error) { + usr, err := user.Lookup(runAsUser) + if err != nil { + return err + } + + gid, err := strconv.Atoi(usr.Gid) + if err != nil { + return err + } + + uid, err := strconv.Atoi(usr.Uid) + if err != nil { + return err + } + + if err = syscall.Setgid(gid); err != nil { + return err + } + + if err = syscall.Setuid(uid); err != nil { + return err + } + + return nil +} diff --git a/vendor/github.com/sid77/drop/syscall/setre.go b/vendor/github.com/sid77/drop/syscall/setre.go new file mode 100644 index 0000000..ecf5ea9 --- /dev/null +++ b/vendor/github.com/sid77/drop/syscall/setre.go @@ -0,0 +1,17 @@ +// +build !linux + +package syscall + +import ( + "syscall" +) + +func Setuid(uid int) error { + err := syscall.Setreuid(uid, uid) + return err +} + +func Setgid(gid int) error { + err := syscall.Setregid(gid, gid) + return err +} diff --git a/vendor/github.com/sid77/drop/syscall/setres.go b/vendor/github.com/sid77/drop/syscall/setres.go new file mode 100644 index 0000000..afe43b9 --- /dev/null +++ b/vendor/github.com/sid77/drop/syscall/setres.go @@ -0,0 +1,17 @@ +// +build linux + +package syscall + +import ( + "syscall" +) + +func Setuid(uid int) error { + err := syscall.Setresuid(uid, uid, uid) + return err +} + +func Setgid(gid int) error { + err := syscall.Setresgid(gid, gid, gid) + return err +} |