// test9400 fills a large stack array with a known pattern, lets
// issue9400.RewindAndSetgid run while a second goroutine calls setgid (the
// source of the SIGSETXID broadcast), and then verifies the pattern is intact.
// NOTE(review): RewindAndSetgid is defined outside this listing; its exact
// stack manipulation is taken from the comments below, not from visible code.
func test9400(t *testing.T) {
	// We synchronize through a shared variable, so we need two procs.
	// The deferred call restores the previous GOMAXPROCS value on return.
	defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(2))

	// Start signaller
	atomic.StoreInt32(&issue9400.Baton, 0)
	go func() {
		// Wait for RewindAndSetgid (spin until the baton becomes non-zero)
		for atomic.LoadInt32(&issue9400.Baton) == 0 {
			runtime.Gosched()
		}
		// Broadcast SIGSETXID
		// The setgid result is unused here; presumably the call exists only
		// for the signal it triggers — confirm before reusing this pattern,
		// since real credential changes must check the return value.
		runtime.LockOSThread()
		C.setgid(0)
		// Indicate that signalling is done
		atomic.StoreInt32(&issue9400.Baton, 0)
	}()

	// Grow the stack and put down a test pattern
	const pattern = 0x123456789abcdef
	var big [1024]uint64 // len must match assembly
	for i := range big {
		big[i] = pattern
	}

	// Temporarily rewind the stack and trigger SIGSETXID
	issue9400.RewindAndSetgid()

	// Check test pattern: any changed entry means the stack was overwritten
	// while RewindAndSetgid was running.
	for i := range big {
		if big[i] != pattern {
			t.Fatalf("entry %d of test pattern is wrong; %#x != %#x", i, big[i], uint64(pattern))
		}
	}
}
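// changeUser switches the process to the account named username by setting,
// in order, the supplementary groups (initgroups), the gid and the uid.
// The uid is changed last because group changes need the privileges that
// the uid change gives up.
//
// It returns nil without touching anything when the process already runs
// with the target uid and primary gid, and an error as soon as any step
// fails. Callers must treat an error as "privileges were NOT dropped" and
// stop; a partially applied change leaves the process in a mixed state.
func changeUser(username string) error {
	currentUser, err := user.Current()
	if err != nil {
		return util.Errorf("Could not determine current user: %s", err)
	}

	uid, gid, err := p2_user.IDs(username)
	if err != nil {
		return util.Errorf("Could not retrieve uid/gid for %q: %s", username, err)
	}

	// Nothing to do when uid and primary gid already match.
	// NOTE(review): supplementary groups are not compared here, so they are
	// left as inherited in this case — confirm that is intended.
	if strconv.Itoa(uid) == currentUser.Uid && strconv.Itoa(gid) == currentUser.Gid {
		return nil
	}

	userCstring := C.CString(username)
	defer C.free(unsafe.Pointer(userCstring))

	// A non-zero return is a failure regardless of whether cgo also reports
	// an errno. The previous test (ret != 0 && err != nil) treated a failure
	// with no errno as success, which would leave the process running with
	// its original credentials. %v keeps the message readable if err is nil.
	ret, err := C.initgroups(userCstring, C.__gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not initgroups for %q (primary gid %v): %v", username, gid, err)
	}

	ret, err = C.setgid(C.__gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not setgid %v: %v", gid, err)
	}

	ret, err = C.setuid(C.__uid_t(uid))
	if ret != 0 {
		return util.Errorf("Could not setuid %v: %v", uid, err)
	}

	return nil
}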
//Setgid set the gid to gid func Setgid(gid int) error { ret, err := C.setgid(C.__gid_t(gid)) if ret == C.int(0) { return nil } return err }
// testSetgid reports a test error if a cgo call to setgid(0) has not returned
// within five seconds. The call's result is not inspected; only whether it
// returns is checked.
func testSetgid(t *testing.T) {
	done := make(chan bool)
	go func() {
		C.setgid(0)
		// Unbuffered send: if the timeout fires first nobody receives, and
		// this goroutine stays blocked for the rest of the process.
		done <- true
	}()

	timeout := time.After(5 * time.Second)
	select {
	case <-timeout:
		t.Error("setgid hung")
	case <-done:
	}
}
// runTestSetgid calls setgid(0) through cgo on a separate goroutine and
// reports whether the call returned within five seconds. The result of
// setgid itself is ignored; true means "did not hang", not "gid changed".
func runTestSetgid() bool {
	finished := make(chan bool)
	go func() {
		C.setgid(0)
		// Unbuffered send: blocks forever if the caller already timed out.
		finished <- true
	}()

	returned := false
	select {
	case <-time.After(5 * time.Second):
	case <-finished:
		returned = true
	}
	return returned
}
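// DropPrivileges switches the process to the account called name: it looks
// the account up with getpwnam, sets the gid and then the uid, points HOME at
// the account's home directory, starts a new session, changes to "/" and
// sets the umask to 022.
//
// The function has no error return, so it panics when the account does not
// exist or when setgid/setuid fail. Continuing after a failed drop would
// leave the process running with its original (possibly root) credentials
// while the caller believes they are gone.
//
// NOTE(review): supplementary groups are never reset here (no initgroups or
// setgroups call), so the process keeps the groups it was started with.
// Fixing that needs <grp.h> in the cgo preamble, which is not visible here.
// NOTE(review): getpwnam returns a pointer into static storage; confirm no
// other thread performs passwd lookups while this runs.
func DropPrivileges(name string) {
	cname := C.CString(name)
	home := C.CString("HOME")
	slash := C.CString("/")
	// free replaces the obsolete cfree, which newer glibc no longer provides.
	defer C.free(unsafe.Pointer(home))
	defer C.free(unsafe.Pointer(cname))
	defer C.free(unsafe.Pointer(slash))

	cpw := C.getpwnam(cname)
	if cpw == nil {
		// Previously this fell through to a nil dereference on cpw.pw_gid.
		panic("DropPrivileges: no passwd entry for user " + name)
	}

	// gid first: once the uid is dropped the process may no longer be
	// permitted to change its group.
	if C.setgid(cpw.pw_gid) != 0 {
		panic("DropPrivileges: setgid failed for user " + name)
	}
	if C.setuid(cpw.pw_uid) != 0 {
		panic("DropPrivileges: setuid failed for user " + name)
	}

	// The remaining steps are environment hygiene; their results are left
	// unchecked as in the original.
	C.setenv(home, cpw.pw_dir, 1)
	C.setsid()
	C.chdir(slash)
	C.umask(022)
}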
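// changeUser switches the process to the account named username by setting,
// in order, the supplementary groups (initgroups), the gid and the uid.
// The uid is changed last because group changes need the privileges that
// the uid change gives up.
//
// It returns an error as soon as any step fails. Callers must treat an error
// as "privileges were NOT dropped" and stop; a partially applied change
// leaves the process in a mixed state.
func changeUser(username string) error {
	uid, gid, err := user.IDs(username)
	if err != nil {
		return util.Errorf("Could not retrieve uid/gid for %q: %s", username, err)
	}

	userCstring := C.CString(username)
	defer C.free(unsafe.Pointer(userCstring))

	// A non-zero return is a failure regardless of whether cgo also reports
	// an errno. The previous test (ret != 0 && err != nil) treated a failure
	// with no errno as success, which would leave the process running with
	// its original credentials. %v keeps the message readable if err is nil.
	ret, err := C.initgroups(userCstring, C.int(gid))
	if ret != 0 {
		return util.Errorf("Could not initgroups for %q (primary gid %v): %v", username, gid, err)
	}

	ret, err = C.setgid(C.gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not setgid %v: %v", gid, err)
	}

	ret, err = C.setuid(C.uid_t(uid))
	if ret != 0 {
		return util.Errorf("Could not setuid %v: %v", uid, err)
	}

	return nil
}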