Skip to content

Commit

Permalink
Disallow installing gosu with setuid
Browse files Browse the repository at this point in the history 
There are workarounds for this, but I will intentionally not be describing them because this is definitely not something I can endorse in any way.  Please don't use gosu in this way.
  • Loading branch information
@tianon @crazy-max
tianon authored and crazy-max committed Dec 16, 2023
1 parent 2a7d491 commit 8da30b1
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
2 changes: 2 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ FROM alpine:${TEST_ALPINE_VARIANT} AS test-alpine
COPY --from=build /usr/bin/yasu /usr/local/bin/yasu
RUN cut -d: -f1 /etc/group | xargs -n1 addgroup nobody
RUN chgrp nobody /usr/local/bin/yasu && chmod +s /usr/local/bin/yasu
ENV GOSU_PLEASE_LET_ME_BE_COMPLETELY_INSECURE_I_GET_TO_KEEP_ALL_THE_PIECES="I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die."
USER nobody
ENV HOME /omg/really/yasu/nowhere
# now we should be nobody, ALL groups, and have a bogus useless HOME value
Expand All @@ -95,6 +96,7 @@ RUN cut -d: -f1 /etc/group | xargs -n1 -I'{}' usermod -aG '{}' nobody
# emulate Alpine's "games" user (which is part of the "users" group)
RUN usermod -aG users games
RUN chgrp nogroup /usr/local/bin/yasu && chmod +s /usr/local/bin/yasu
ENV GOSU_PLEASE_LET_ME_BE_COMPLETELY_INSECURE_I_GET_TO_KEEP_ALL_THE_PIECES="I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die."
USER nobody
ENV HOME /omg/really/yasu/nowhere
# now we should be nobody, ALL groups, and have a bogus useless HOME value
Expand Down
9 changes: 9 additions & 0 deletions main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,15 @@ Usage: {{ .Self }} user-spec command [args]
func main() {
log.SetFlags(0) // no timestamps on our logs

if ok := os.Getenv("GOSU_PLEASE_LET_ME_BE_COMPLETELY_INSECURE_I_GET_TO_KEEP_ALL_THE_PIECES"); ok != "I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die." {
if fi, err := os.Stat("/proc/self/exe"); err != nil {
log.Fatalf("error: %v", err)
} else if fi.Mode()&os.ModeSetuid != 0 {
// ... oh no
log.Fatalf("error: %q appears to be installed with the 'setuid' bit set, which is an *extremely* insecure and completely unsupported configuration! (what you want instead is likely 'sudo' or 'su')", os.Args[0])
}
}

if len(os.Args) >= 2 {
switch os.Args[1] {
case "--help", "-h", "-?":
Expand Down

0 comments on commit 8da30b1

Please sign in to comment.