File tree Expand file tree Collapse file tree 3 files changed +62
-0
lines changed Expand file tree Collapse file tree 3 files changed +62
-0
lines changed Original file line number Diff line number Diff line change 11port : 1234
2+ # user: hooktftp
23hooks :
34
45 - name : Shell hook
Original file line number Diff line number Diff line change 1+ package main
2+
3+ import (
4+ "os/user"
5+ "strconv"
6+ "syscall"
7+ )
8+
9+ func DropPrivileges (username string ) error {
10+ userInfo , err := user .Lookup (username )
11+ if err != nil {
12+ return err
13+ }
14+
15+ uid , err := strconv .Atoi (userInfo .Uid )
16+ if err != nil {
17+ return err
18+ }
19+
20+ gid , err := strconv .Atoi (userInfo .Gid )
21+ if err != nil {
22+ return err
23+ }
24+
25+ // TODO: should set secondary groups too
26+ err = syscall .Setgroups ([]int {gid })
27+ if err != nil {
28+ return err
29+ }
30+
31+ err = syscall .Setgid (gid )
32+ if err != nil {
33+ return err
34+ }
35+
36+ err = syscall .Setuid (uid )
37+ if err != nil {
38+ return err
39+ }
40+
41+ return nil
42+ }
43+
Original file line number Diff line number Diff line change @@ -10,6 +10,8 @@ import (
1010 "io/ioutil"
1111 "net"
1212 "os"
13+ "os/user"
14+ "syscall"
1315 "time"
1416)
1517
@@ -154,6 +156,22 @@ func main() {
154156
155157 fmt .Println ("Listening on" , conf .Port )
156158
159+ if conf .User != "" {
160+ err := DropPrivileges (conf .User )
161+ if err != nil {
162+ fmt .Printf ("Failed to drop privileges to '%s' error: %v" , conf .User , err )
163+ return
164+ }
165+ currentUser , _ := user .Current ()
166+ fmt .Println ("Dropped privileges to" , currentUser )
167+ }
168+
169+ if conf .User == "" && syscall .Getuid () == 0 {
170+ fmt .Println ("!!!!!!!!!" )
171+ fmt .Println ("WARNING: Running as root and 'user' is not set in" , CONFIG_PATH )
172+ fmt .Println ("!!!!!!!!!" )
173+ }
174+
157175 for {
158176 res , err := server .Accept ()
159177 if err != nil {
You can’t perform that action at this time.
0 commit comments