Disallow installing gosu with setuid
There are workarounds for this, but I will intentionally not be describing them because this is definitely not something I can endorse in any way.  Please don't use gosu in this way.
tianon committed Aug 17, 2021
1 parent 34383f6 commit 6b600cf
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions main.go
Expand Up @@ -47,6 +47,13 @@ Usage: {{ .Self }} user-spec command [args]
func main() {
log.SetFlags(0) // no timestamps on our logs

if fi, err := os.Stat("/proc/self/exe"); err != nil {
log.Fatalf("error: %v", err)
} else if fi.Mode()&os.ModeSetuid != 0 {
// ... oh no
log.Fatalf("error: %q appears to be installed with the 'setuid' bit set, which is an *extremely* insecure and completely unsupported configuration! (what you want instead is likely 'sudo' or 'su')", os.Args[0])
}

if len(os.Args) >= 2 {
switch os.Args[1] {
case "--help", "-h", "-?":
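Review bot: The test in `else if fi.Mode()&os.ModeSetuid != 0` covers only the setuid bit, so a binary installed with the setgid bit passes this check even though it also starts with privileges the caller did not have. Consider testing `fi.Mode()&(os.ModeSetuid|os.ModeSetgid)` and wording the message to match. Separately, the `err != nil` branch makes any failure of `os.Stat("/proc/self/exe")` fatal, so the program now refuses to run where `/proc` is not mounted or not readable. Failing closed is a reasonable choice for this check, but a one-line comment saying it is intentional would save the next reader from treating it as an oversight.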