Affected by GO-2024-2468 and 4 other vulnerabilities

GO-2024-2468: snapd Race Condition vulnerability in github.com/snapcore/snapd

GO-2024-2906: CVE-2024-5138 in github.com/snapcore/snapd

GO-2024-3007: snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

GO-2024-3008: snapd failed to properly check the file type when extracting a snap in github.com/snapcore/snapd

GO-2024-3009: snapd failed to properly check the destination of symbolic links when extracting a snap in github.com/snapcore/snapd

sys

package

v0.0.0-...-55306fc Latest Latest Go to latest Published: Nov 21, 2024 License: GPL-3.0 Imports: 5 Imported by: 155

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/snapcore/snapd

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
func Chown(f *os.File, uid UserID, gid GroupID) error
func ChownPath(path string, uid UserID, gid GroupID) error
func Fchown(fd int, uid UserID, gid GroupID) error
func FchownAt(dirfd uintptr, path string, uid UserID, gid GroupID, flags int) error
func FcntlGetFl(fd int) (int, error)
func MockRunAsUidGidRestoreUidError(err error) (restore func())
func RunAsUidGid(uid UserID, gid GroupID, f func() error) error
type GroupID
- func Getegid() GroupID
- func Getgid() GroupID
type UserID
- func Geteuid() UserID
- func Getuid() UserID

Constants ¶

View Source

const FlagID = 1<<32 - 1

FlagID can be passed to chown-ish functions to mean "no change", and can be returned from getuid-ish functions to mean "not found".

View Source

const O_PATH = 0x200000

As of Go 1.9, the O_PATH constant does not seem to be declared uniformly over all archtiectures.

Variables ¶

This section is empty.

Functions ¶

func Chown ¶

func Chown(f *os.File, uid UserID, gid GroupID) error

func ChownPath ¶

func ChownPath(path string, uid UserID, gid GroupID) error

func Fchown ¶

func Fchown(fd int, uid UserID, gid GroupID) error

func FchownAt ¶

func FchownAt(dirfd uintptr, path string, uid UserID, gid GroupID, flags int) error

func FcntlGetFl ¶

func FcntlGetFl(fd int) (int, error)

func MockRunAsUidGidRestoreUidError ¶

func MockRunAsUidGidRestoreUidError(err error) (restore func())

MockRunAsUidGidRestoreUidError mocks an error from the calls that restore the original euid/egid. Only ever use this in tests.

func RunAsUidGid ¶

func RunAsUidGid(uid UserID, gid GroupID, f func() error) error

RunAsUidGid starts a goroutine, pins it to the OS thread, sets euid and egid, and runs the function; after the function returns, it restores euid and egid.

A caveat is that any go-routine started within RunAsUidGid() will run with the original uid/gid and *not* with the passed uid/gid.

Note that on the *kernel* level the user/group ID are per-thread attributes. However POSIX require all thread to share the same credentials. This is why this code uses RawSyscall() and not the syscall.Setreuid() or similar helper.

This function does not add any security (it's not privilidge dropping), but it's useful to e.g. manipulate files with the right uids/gids.

If restoring the original euid and egid fails this function will let the os-thread die otherwise it will be reused by the runtime.

Types ¶

type GroupID ¶

type GroupID uint32

GroupID is the type of the system's group identifiers (in C, gid_t).

func Getegid ¶

func Getegid() GroupID

func Getgid ¶

func Getgid() GroupID

type UserID ¶

type UserID uint32

UserID is the type of the system's user identifiers (in C, uid_t).

We give it its own explicit type so you don't have to remember that it's a uint32 (which lead to the bug this package fixes in the first place)

func Geteuid ¶

func Geteuid() UserID

func Getuid ¶

func Getuid() UserID

uid_t is an unsigned 32-bit integer in linux right now. so syscall.Gete?[ug]id are wrong, and break in 32 bits (see https://github.com/golang/go/issues/22739)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL