Documentation ¶
Overview ¶
Package privsep provides a mechanism for a privileged process to create a less-privileged child process with which it maintains a bidirectional communication channel.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateChild ¶
func CreateChild(username, name string, args []string, files []*os.File) (process *os.Process, r io.Reader, w io.Writer, err error)
CreateChild forks a new process to run the program name with its args. As long as that program promptly calls MaybeBecomeChild, it will change its owner to the specified user and re-execute itself to ensure all threads have dropped as well.
If there is a problem starting the child (e.g. the command could not be run or the process owner could not be changed), the child will attempt to communicate the error back to the parent, which will return it in err.
If the operation succeeds, the returned reader and writer will be connected to the less-privileged child--identified by process--after it calls MaybeBecomeChild.
func MaybeBecomeChild ¶
MaybeBecomeChild examines its environment to see if it was started by CreateChild in another process. If so, it attempts to drop privileges, re-execing if necessary. It should be called as early as possible in the life of a program that is intended to be started by CreateChild.
If the process is intended to become the child, isChild will be true. If there is a problem becoming the child, err will be a non-nil value describing why. Otherwise r and w will be connected to their complements which were returned by CreateChild in the parent process.
The same binary may be both parent and child.
Types ¶
This section is empty.