fsu: implement simple setuid user switcher
All checks were successful
test / test (push) Successful in 20s
All checks were successful
test / test (push) Successful in 20s
Contains path to fortify set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
09feda3783
commit
5524e09a5f
131
cmd/fsu/main.go
Normal file
131
cmd/fsu/main.go
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"path"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"syscall"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
fsuConfFile = "/etc/fsurc"
|
||||||
|
envShim = "FORTIFY_SHIM"
|
||||||
|
envAID = "FORTIFY_APP_ID"
|
||||||
|
|
||||||
|
fpPoison = "INVALIDINVALIDINVALIDINVALIDINVALID"
|
||||||
|
)
|
||||||
|
|
||||||
|
// FortifyPath is the path to fortify, set at compile time.
|
||||||
|
var FortifyPath = fpPoison
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
log.SetFlags(0)
|
||||||
|
log.SetPrefix("fsu: ")
|
||||||
|
log.SetOutput(os.Stderr)
|
||||||
|
|
||||||
|
if os.Geteuid() != 0 {
|
||||||
|
log.Fatal("this program must be owned by uid 0 and have the setuid bit set")
|
||||||
|
}
|
||||||
|
|
||||||
|
puid := os.Getuid()
|
||||||
|
if puid == 0 {
|
||||||
|
log.Fatal("this program must not be started by root")
|
||||||
|
}
|
||||||
|
|
||||||
|
// check compiled in fortify path
|
||||||
|
if FortifyPath == fpPoison || !path.IsAbs(FortifyPath) {
|
||||||
|
log.Fatal("invalid fortify path, this copy of fsu is not compiled correctly")
|
||||||
|
}
|
||||||
|
|
||||||
|
// uid = 1000000 +
|
||||||
|
// fid * 10000 +
|
||||||
|
// aid
|
||||||
|
uid := 1000000
|
||||||
|
|
||||||
|
// authenticate before accepting user input
|
||||||
|
if fid, ok := parseConfig(fsuConfFile, puid); !ok {
|
||||||
|
log.Fatalf("uid %d is not in the fsurc file", puid)
|
||||||
|
} else {
|
||||||
|
uid += fid * 10000
|
||||||
|
}
|
||||||
|
|
||||||
|
// pass through setup path to shim
|
||||||
|
var shimSetupPath string
|
||||||
|
if s, ok := os.LookupEnv(envShim); !ok {
|
||||||
|
log.Fatal("FORTIFY_SHIM not set")
|
||||||
|
} else if !path.IsAbs(s) {
|
||||||
|
log.Fatal("FORTIFY_SHIM is not absolute")
|
||||||
|
} else {
|
||||||
|
shimSetupPath = s
|
||||||
|
}
|
||||||
|
|
||||||
|
// allowed aid range 0 to 9999
|
||||||
|
if as, ok := os.LookupEnv(envAID); !ok {
|
||||||
|
log.Fatal("FORTIFY_APP_ID not set")
|
||||||
|
} else if aid, err := strconv.Atoi(as); err != nil || aid < 0 || aid > 9999 {
|
||||||
|
log.Fatal("invalid aid")
|
||||||
|
} else {
|
||||||
|
uid += aid
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := syscall.Setresgid(uid, uid, uid); err != nil {
|
||||||
|
log.Fatalf("cannot set gid: %v", err)
|
||||||
|
}
|
||||||
|
if err := syscall.Setresuid(uid, uid, uid); err != nil {
|
||||||
|
log.Fatalf("cannot set uid: %v", err)
|
||||||
|
}
|
||||||
|
if err := syscall.Exec(FortifyPath, []string{"fortify", "shim"}, []string{envShim + "=" + shimSetupPath}); err != nil {
|
||||||
|
log.Fatalf("cannot start shim: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
panic("unreachable")
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseConfig(p string, puid int) (fid int, ok bool) {
|
||||||
|
// refuse to run if fsurc is not protected correctly
|
||||||
|
if s, err := os.Stat(p); err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
} else if s.Mode().Perm() != 0400 {
|
||||||
|
log.Fatal("bad fsurc perm")
|
||||||
|
} else if st := s.Sys().(*syscall.Stat_t); st.Uid != 0 || st.Gid != 0 {
|
||||||
|
log.Fatal("fsurc must be owner by uid 0")
|
||||||
|
}
|
||||||
|
|
||||||
|
if r, err := os.Open(p); err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
return -1, false
|
||||||
|
} else {
|
||||||
|
s := bufio.NewScanner(r)
|
||||||
|
var line int
|
||||||
|
for s.Scan() {
|
||||||
|
line++
|
||||||
|
|
||||||
|
// <puid> <fid>
|
||||||
|
lf := strings.SplitN(s.Text(), " ", 2)
|
||||||
|
if len(lf) != 2 {
|
||||||
|
log.Fatalf("invalid entry on line %d", line)
|
||||||
|
}
|
||||||
|
|
||||||
|
var puid0 int
|
||||||
|
if puid0, err = strconv.Atoi(lf[0]); err != nil || puid0 < 1 {
|
||||||
|
log.Fatalf("invalid parent uid on line %d", line)
|
||||||
|
}
|
||||||
|
|
||||||
|
ok = puid0 == puid
|
||||||
|
if ok {
|
||||||
|
// allowed fid range 0 to 99
|
||||||
|
if fid, err = strconv.Atoi(lf[1]); err != nil || fid < 0 || fid > 99 {
|
||||||
|
log.Fatalf("invalid fortify uid on line %d", line)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err = s.Err(); err != nil {
|
||||||
|
log.Fatalf("cannot read fsurc: %v", err)
|
||||||
|
}
|
||||||
|
return -1, false
|
||||||
|
}
|
||||||
|
}
|
@ -34,9 +34,7 @@
|
|||||||
|
|
||||||
devShells = forAllSystems (system: {
|
devShells = forAllSystems (system: {
|
||||||
default = nixpkgsFor.${system}.mkShell {
|
default = nixpkgsFor.${system}.mkShell {
|
||||||
buildInputs =
|
buildInputs = with nixpkgsFor.${system}; self.packages.${system}.fortify.buildInputs;
|
||||||
with nixpkgsFor.${system};
|
|
||||||
self.packages.${system}.fortify.buildInputs;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
withPackage = nixpkgsFor.${system}.mkShell {
|
withPackage = nixpkgsFor.${system}.mkShell {
|
||||||
|
@ -20,6 +20,8 @@ buildGoModule rec {
|
|||||||
"-w"
|
"-w"
|
||||||
"-X"
|
"-X"
|
||||||
"main.Version=v${version}"
|
"main.Version=v${version}"
|
||||||
|
"-X"
|
||||||
|
"main.FortifyPath=${placeholder "out"}/bin/fortify"
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
@ -36,5 +38,7 @@ buildGoModule rec {
|
|||||||
xdg-dbus-proxy
|
xdg-dbus-proxy
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mv $out/bin/fsu $out/bin/.fsu
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user