Created
August 13, 2018 15:12
-
-
Save chris-rock/d73ae82511036fa7e87c4cfd132b93d7 to your computer and use it in GitHub Desktop.
Run process as nobody from Go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Author Christoph Hartmann | |
| // This is a simple test that tries to execute a simple binary that prints its uid: | |
| // package main | |
| // | |
| // import ( | |
| // "fmt" | |
| // "os/user" | |
| // ) | |
| // | |
| // func main() { | |
| // current, _ := user.Current() | |
| // fmt.Printf("my uid is %s (%s)\n", current.Name, current.Uid) | |
| // } | |
| // Build the binary and make nobody owner of that file | |
| // $ go build -o no main.go | |
| // $ chown nobody:nobody no | |
| // Now, you're able to execute the program | |
| package main | |
| import ( | |
| "fmt" | |
| "log" | |
| "os/exec" | |
| "os/user" | |
| "strconv" | |
| "syscall" | |
| ) | |
| func main() { | |
| // no | |
| command := "./no" | |
| args := []string{} | |
| cmd := exec.Command(command, args...) | |
| // find nobody | |
| nobody, _ := user.Lookup("nobody") | |
| var uid, gid uint32 | |
| if s, err := strconv.ParseUint(nobody.Uid, 10, 32); err == nil { | |
| uid = uint32(s) | |
| } | |
| if s, err := strconv.ParseUint(nobody.Gid, 10, 32); err == nil { | |
| gid = uint32(s) | |
| } | |
| fmt.Printf("Run as user: %d gid: %d\n", uid, gid) | |
| cmd.SysProcAttr = &syscall.SysProcAttr{} | |
| cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} | |
| out, err := cmd.CombinedOutput() | |
| if err != nil { | |
| log.Println(err) | |
| } | |
| fmt.Printf("%s\n", out) | |
| } | |
| // $ sudo go run main.go x130 | |
| // Run as user: 4294967294 gid: 4294967294 | |
| // my uid is Unprivileged User (4294967294) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment