Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/creack/golisten

Privilege de-escalation listen in Go.
https://github.com/creack/golisten

Last synced: about 1 month ago
JSON representation

Privilege de-escalation listen in Go.

Host: GitHub
URL: https://github.com/creack/golisten
Owner: creack
License: mit
Created: 2015-06-20T20:41:03.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2015-06-21T00:29:03.000Z (over 9 years ago)
Last Synced: 2024-05-08T17:43:02.642Z (8 months ago)
Language: Go
Size: 137 KB
Stars: 1
Watchers: 4
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # golisten

Privilege de-escalation listen in Go.

## Overview

`golisten` expects to be root. If it is not, it will error.

As root, perform a `net.Listen()`. Once this is done, we can perform the

privilege de-escalation.

Because of the Go thread model, it is not safe to do so with a "simple" `syscall.Setuid()`.

In order to ensure that the whole process (all threads) are de-escalated, `golsiten` will

fork itself as the requested user while inheriting the privileged listened file descriptor.

`golisten.ListenAndServe` works just like `http.ListenAndServe` but expect the target user

to be run as.

## Example

### ListenAndServe

```go

package main

import (

	"fmt"

	"log"

	"net/http"

	"os/user"

	"github.com/creack/golisten"

)

func handler(w http.ResponseWriter, req *http.Request) {

	u, err := user.Current()

	if err != nil {

		log.Printf("Error getting user: %s", err)

		return

	}

	fmt.Fprintf(w, "%s\n", u.Uid)

}

func main() {

	http.HandleFunc("/", handler)

	log.Fatal(golisten.ListenAndServe("guillaume", ":80", nil))

}

```

### Listen

```go

package main

import (

	"fmt"

	"log"

	"net/http"

	"os/user"

	"github.com/creack/golisten"

)

func handler(w http.ResponseWriter, req *http.Request) {

	u, err := user.Current()

	if err != nil {

		log.Printf("Error getting user: %s", err)

		return

	}

	fmt.Fprintf(w, "%s\n", u.Uid)

}

func ExampleListenAndServe() {

	ln, err := golisten.Listen("guillaume", "tcp", ":80")

	if err != nil {

		log.Fatal(err)

	}

	http.HandleFunc("/", handler)

	log.Fatal(http.Serve(ln, nil))

}

```

## TODO

- ListenAndServeTLS

- Benchmarks

- Tests

- Use environment instead of command-line flag for fd passing