osutil

func Constrain ¶

func Constrain(userName, groupName, chrootDir string) error

Constrain downgrades the abilities of the process by changing to a nominated uid/gid which presumably has less power and chroots to a directory that presumably has very little in it or below it.

The order of operations is important. The symbolic user and group names are converted to uid and gid first while we have access to /etc/passwd (or the moral equivalent) then chroot is performed while we presumably have the power to access that directly. After that we eliminate supplementary groups as part of setting the group while we have a powerful uid and then we finally issue setuid that should make this whole sequence irreversible.

Each step is optional if the corresponding parameter is an empty string.

An error is returned if the downgrade could not be completed.

Arguable we should also consider setsid and closing all un-needed file descriptors, but this is a reasonable start for this application. It is also the case that apparently everyone re-writes this function and most get it wrong, so I may have too...

This function is limited on Linux and a noop on Windows.

func ConstraintReport ¶

func ConstraintReport() string

ConstraintReport returns a printable string showing the uid/gid/cwd of the process. Normally called after Constrain() to "prove" that the process has been downgraded. This function is a noop on Windows.

func IsSignalUSR1 ¶

func IsSignalUSR1(s os.Signal) bool

IsSignalUSR1 returns true if the supplied signal is SIGUSR1. A noop on Windows.

func SignalNotify ¶

func SignalNotify(c chan os.Signal)

SignalNotify sends all the main Unix signals to the supplied channel. A noop on Windows.