gomium

command
v0.0.0-...-46821ba Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

golang code execution without imports using only data races

It works on current tip (Go 1.18), regardless of PIE: 

$ go version
go version devel go1.18-6178d25fc0 Wed Dec 29 20:20:32 2021 +0000 linux/amd64
$ go run exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)
$ go run -buildmode=pie exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)

As well as old versions: 

$ for v in 1.{17..8} 1.7.6 1.6.4 1.5.4; do
    go install golang.org/dl/go${v}@latest >/dev/null 2>&1 || continue
    go$v download >/dev/null 2>&1
    go$v version
    go$v run exploit.go
  done
go version go1.17 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.16 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.15 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.14 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.13 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.12 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.11 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.10 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.9 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.8 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.7.6 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.6.4 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)
go version go1.5.4 linux/amd64
uid=1000(user) gid=1000(user) groups=1000(user)

To test further back we have to compile from source, and also set GOMAXPROCS=2 as the default was 1 before go1.5: 

$ ( git clone -b release-branch.go1.4 --depth 1 https://go.googlesource.com/go go1.4
    cd go1.4/src
    ./make.bash )
$ go1.4/bin/go version
go version go1.4-bootstrap-20170531 linux/amd64
$ GOMAXPROCS=2 go1.4/bin/go run exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)

From there, building from a modern system requires small tweaks: 

$ ( git clone -b release-branch.go1.3 --depth 1 https://go.googlesource.com/go go1.3
    cd go1.3/src
    CGO_ENABLED=0 CFLAGS='-Wno-implicit-fallthrough -Wno-shift-negative-value' ./make.bash )
$ go1.3/bin/go version
go version go1.3.3 linux/amd64
$ GOMAXPROCS=2 go1.3/bin/go run exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)

$ ( git clone -b release-branch.go1.2 --depth 1 https://go.googlesource.com/go go1.2
    cd go1.2/src
    sed -i 's/-Werror//' make.bash
    sed -i 's/"-Werror",//' cmd/dist/build.c
    CGO_ENABLED=0 ./make.bash )
$ go1.2/bin/go version
go version go1.2.2 linux/amd64
$ GOMAXPROCS=2 go1.2/bin/go run exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)

$ ( git clone -b release-branch.go1.1 --depth 1 https://go.googlesource.com/go go1.1
    cd go1.1/src
    sed -i 's/-Werror//' make.bash
    sed -i 's/"-Werror",//' cmd/dist/build.c
    CGO_ENABLED=0 ./make.bash )
$ go1.1/bin/go version
go version go1.1.2 linux/amd64
$ GOMAXPROCS=2 go1.1/bin/go run exploit.go
uid=1000(user) gid=1000(user) groups=1000(user)

Unfortunately I couldn't get go1 to compile on my system (I'm getting a weird fault), but it probably works as well.

Browser for the Web 3.0.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.