5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-12-22 23:25:39 +00:00
yggdrasil-go/cmd/yggdrasil/chuser_unix.go
Klemens Nanni 75d2080e53
Set groups when dropping privileges to not leak supplementary group access (#1202)
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.

The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).

For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   wheel,kmem,sys,tty,operator,staff,guest
```

Fix that so the process runs as mere
```
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   nobody
```

Fixes #927.
2024-11-11 19:28:28 +00:00

94 lines
2.1 KiB
Go

//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
package main
import (
"errors"
"fmt"
"math"
osuser "os/user"
"strconv"
"strings"
"syscall"
)
func chuser(user string) error {
group := ""
if i := strings.IndexByte(user, ':'); i >= 0 {
user, group = user[:i], user[i+1:]
}
u := (*osuser.User)(nil)
g := (*osuser.Group)(nil)
if user != "" {
if _, err := strconv.ParseUint(user, 10, 32); err == nil {
u, err = osuser.LookupId(user)
if err != nil {
return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
}
} else {
u, err = osuser.Lookup(user)
if err != nil {
return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
}
}
}
if group != "" {
if _, err := strconv.ParseUint(group, 10, 32); err == nil {
g, err = osuser.LookupGroupId(group)
if err != nil {
return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
}
} else {
g, err = osuser.LookupGroup(group)
if err != nil {
return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
}
}
}
if g != nil {
gid, _ := strconv.ParseUint(g.Gid, 10, 32)
var err error
if gid < math.MaxInt {
if err := syscall.Setgroups([]int{int(gid)}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
}
err = syscall.Setgid(int(gid))
} else {
err = errors.New("gid too big")
}
if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
} else if u != nil {
gid, _ := strconv.ParseUint(u.Gid, 10, 32)
if err := syscall.Setgroups([]int{int(uint32(gid))}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
}
err := syscall.Setgid(int(uint32(gid)))
if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
}
if u != nil {
uid, _ := strconv.ParseUint(u.Uid, 10, 32)
var err error
if uid < math.MaxInt {
err = syscall.Setuid(int(uid))
} else {
err = errors.New("uid too big")
}
if err != nil {
return fmt.Errorf("failed to setuid %d: %v", uid, err)
}
}
return nil
}