fixed uid/gid bound check regression (#1555)
This commit is contained in:
mmetc
GitHub
parent
a7c7ea5712
commit
357899b83e
1 changed files with 5 additions and 18 deletions
|
|
@ -82,32 +82,19 @@ func getPluginTypeAndSubtypeFromPath(path string) (string, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func getProcessAttr(username string, groupname string) (*syscall.SysProcAttr, error) {
|
func getProcessAttr(username string, groupname string) (*syscall.SysProcAttr, error) {
|
||||||
u, err := user.Lookup(username)
|
uid, err := getUID(username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
g, err := user.LookupGroup(groupname)
|
gid, err := getGID(groupname)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
uid, err := strconv.ParseInt(u.Uid, 10, 32)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if uid < 0 && uid > math.MaxInt32 {
|
|
||||||
return nil, fmt.Errorf("out of bound uid")
|
|
||||||
}
|
|
||||||
gid, err := strconv.ParseInt(g.Gid, 10, 32)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if gid < 0 && gid > math.MaxInt32 {
|
|
||||||
return nil, fmt.Errorf("out of bound gid")
|
|
||||||
}
|
|
||||||
return &syscall.SysProcAttr{
|
return &syscall.SysProcAttr{
|
||||||
Credential: &syscall.Credential{
|
Credential: &syscall.Credential{
|
||||||
Uid: uint32(uid),
|
Uid: uid,
|
||||||
Gid: uint32(gid),
|
Gid: gid,
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue