Skip to content

Instantly share code, notes, and snippets.

@BorePlusPlus
Created July 30, 2014 10:46
Show Gist options
  • Save BorePlusPlus/4f9b2b4cc687c05dbdfb to your computer and use it in GitHub Desktop.
Save BorePlusPlus/4f9b2b4cc687c05dbdfb to your computer and use it in GitHub Desktop.
Setuid/Getuid in golang
$ go build setuid.go
$ sudo su
[sudo] password for bore:
# chown root:root setuid
# chmod u+s setuid
$ ./setuid
Real UID: 1000
Effective UID: 0
Real UID: 1000
Effective UID: 1000
$
// But if I use ps:
$ ps -eo euser,ruser,suser,comm | grep setuid
root bore root setuid
// After seven seconds it's still the same, even if golang reports changed effective UID
$ ps -eo euser,ruser,suser,comm | grep setuid
root bore root setuid
// C implementation behaves as expected
$ ps -eo euser,ruser,suser,comm | grep setuid
root bore root setuid
$ ps -eo euser,ruser,suser,comm | grep setuid
bore bore bore setuid
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
void printdelay()
{
printf("Current UID: %ld\n", (long) getuid());
printf("Effective UID: %ld\n", (long) geteuid());
fflush(stdout);
sleep(7);
}
int main(int argc, char *argv[])
{
printdelay();
if (setuid(getuid()) == -1) {
printf("Error setting UID");
exit(1);
}
printdelay();
return 0;
}
package main
import (
"fmt"
"syscall"
"time"
"log"
"os"
)
func main() {
printdelay()
err := syscall.Setuid(syscall.Getuid())
if err != nil {
log.Fatal(err)
os.Exit(1)
}
printdelay()
}
func printdelay() {
fmt.Printf("Real UID: %d\n", syscall.Getuid())
fmt.Printf("Effective UID: %d\n", syscall.Geteuid())
time.Sleep(7 * time.Second)
}
@traetox
Copy link

traetox commented Dec 12, 2014

thank god someone else is seeing this. I have started drinking heavily tonight becuase there is just no way this is real. I mean... what?!!?!?!?!?

Tested in 1.3.3 on Debian Wheezy and Ubuntu 14.10

@dingdayu
Copy link

dingdayu commented Nov 22, 2017

Linux can not be used,view:golang/go#1435
Mac is normal。

Hope to help latecomers。

@AndrewGMorgan
Copy link

As noted in that bug. This is fixed in go 1.16.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment