From 4028762f4a81a59ccc6d6e5662fa7e341fc74336 Mon Sep 17 00:00:00 2001
From: sid77
Date: Sun, 21 Aug 2016 02:00:41 +0200
Subject: First attempt at dropping privileges
---
vendor/github.com/sid77/drop/LICENSE | 21 ++++++++++++++++
vendor/github.com/sid77/drop/drop.go | 35 ++++++++++++++++++++++++++
vendor/github.com/sid77/drop/syscall/setre.go | 17 +++++++++++++
vendor/github.com/sid77/drop/syscall/setres.go | 17 +++++++++++++
4 files changed, 90 insertions(+)
create mode 100644 vendor/github.com/sid77/drop/LICENSE
create mode 100644 vendor/github.com/sid77/drop/drop.go
create mode 100644 vendor/github.com/sid77/drop/syscall/setre.go
create mode 100644 vendor/github.com/sid77/drop/syscall/setres.go
(limited to 'vendor')
diff --git a/vendor/github.com/sid77/drop/LICENSE b/vendor/github.com/sid77/drop/LICENSE
new file mode 100644
index 0000000..37004bf
--- /dev/null
+++ b/vendor/github.com/sid77/drop/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Marco Bonetti
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/sid77/drop/drop.go b/vendor/github.com/sid77/drop/drop.go
new file mode 100644
index 0000000..0fb64a9
--- /dev/null
+++ b/vendor/github.com/sid77/drop/drop.go
@@ -0,0 +1,35 @@
+package drop
+
+import (
+ "os/user"
+ "strconv"
+
+ "github.com/sid77/drop/syscall"
+)
+
+func DropPrivileges(runAsUser string) (err error) {
+ usr, err := user.Lookup(runAsUser)
+ if err != nil {
+ return err
+ }
+
+ gid, err := strconv.Atoi(usr.Gid)
+ if err != nil {
+ return err
+ }
+
+ uid, err := strconv.Atoi(usr.Uid)
+ if err != nil {
+ return err
+ }
+
+ if err = syscall.Setgid(gid); err != nil {
+ return err
+ }
+
+ if err = syscall.Setuid(uid); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/sid77/drop/syscall/setre.go b/vendor/github.com/sid77/drop/syscall/setre.go
new file mode 100644
index 0000000..ecf5ea9
--- /dev/null
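Review bot: `DropPrivileges` in drop.go changes the gid and then the uid but never resets the supplementary group list, so a process started as root still carries root's supplementary groups after the call and keeps whatever file and device access those groups grant. Clear the list before the `Setgid` call, for example through a `Setgroups` wrapper added beside the existing ones in the vendored syscall package: `if err = syscall.Setgroups([]int{gid}); err != nil { return err }`. The exported function also has no doc comment; it should state that it must be called while the process is still privileged and that a nil return is the caller's only signal that the drop happened.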
+++ b/vendor/github.com/sid77/drop/syscall/setre.go
@@ -0,0 +1,17 @@
+// +build !linux
+
+package syscall
+
+import (
+ "syscall"
+)
+
+func Setuid(uid int) error {
+ err := syscall.Setreuid(uid, uid)
+ return err
+}
+
+func Setgid(gid int) error {
+ err := syscall.Setregid(gid, gid)
+ return err
+}
diff --git a/vendor/github.com/sid77/drop/syscall/setres.go b/vendor/github.com/sid77/drop/syscall/setres.go
new file mode 100644
index 0000000..afe43b9
--- /dev/null
+++ b/vendor/github.com/sid77/drop/syscall/setres.go
@@ -0,0 +1,17 @@
+// +build linux
+
+package syscall
+
+import (
+ "syscall"
+)
+
+func Setuid(uid int) error {
+ err := syscall.Setresuid(uid, uid, uid)
+ return err
+}
+
+func Setgid(gid int) error {
+ err := syscall.Setresgid(gid, gid, gid)
+ return err
+}
-- cgit v1.2.3
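Review bot: In setres.go the Linux `Setuid` and `Setgid` wrappers call `syscall.Setresuid` and `syscall.Setresgid` directly, and on Go releases before 1.16 those are raw system calls that change the ids of the calling OS thread only, so goroutines scheduled on other runtime threads can keep running with the original ids. The toolchain version this tree builds with is not visible on this page, so this needs confirming against the build. If an older release is in use, drop privileges outside the Go process (service manager, or re-exec as the target user) or move to a release where these calls apply to every thread. At minimum, record the limitation on both wrappers, e.g. `// Setuid changes only the calling thread's ids on Linux with Go < 1.16.`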