Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/sarnowski/mitigation/LICENSE13
-rw-r--r--vendor/github.com/sarnowski/mitigation/README50
-rw-r--r--vendor/github.com/sarnowski/mitigation/mitigation.go118
3 files changed, 0 insertions, 181 deletions
diff --git a/vendor/github.com/sarnowski/mitigation/LICENSE b/vendor/github.com/sarnowski/mitigation/LICENSE
deleted file mode 100644
index 1c949b5..0000000
--- a/vendor/github.com/sarnowski/mitigation/LICENSE
+++ /dev/null
@@ -1,13 +0,0 @@
-Copyright (c) 2012 Tobias Sarnowski <tobias@trustedco.de>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/vendor/github.com/sarnowski/mitigation/README b/vendor/github.com/sarnowski/mitigation/README
deleted file mode 100644
index e7779eb..0000000
--- a/vendor/github.com/sarnowski/mitigation/README
+++ /dev/null
@@ -1,50 +0,0 @@
-mitigation for go applications
-=============================================================================
-
-Package mitigation provides the possibility to prevent damage caused by bugs
-or exploits.
-
-
-Techniques
------------------------------------------------------------------------------
-
-The package uses multiple techniques to mitigate damage:
-
- - privilege revocation: switch to an unprivileged user
- - chroot jail: restrict filesystem access
- - defined environment: reset all environment variables
-
-Enables the ability to implement system-supported privilege seperation.
-
-
-Installation
------------------------------------------------------------------------------
-
-To install and use the mitigation execute the following command:
-
- go get github.com/sarnowski/mitigation
-
-
-Documentation
------------------------------------------------------------------------------
-
-Documentation is provided in the go way and is accessible through "godoc".
-You will find explanation, requirements and examples.
-
-
-License
------------------------------------------------------------------------------
-
-Copyright (c) 2012 Tobias Sarnowski <tobias@trustedco.de>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/vendor/github.com/sarnowski/mitigation/mitigation.go b/vendor/github.com/sarnowski/mitigation/mitigation.go
deleted file mode 100644
index a1110e4..0000000
--- a/vendor/github.com/sarnowski/mitigation/mitigation.go
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
-Package mitigation provides the possibility to prevent damage through bugs or exploits.
-
-The package uses multiple techniques to mitigate damage:
- - privilege revocation: switch to an unprivileged user
- - chroot jail: restrict filesystem access
- - defined environment: reset all environment variables
-
-The following prerequisites are nessecary:
- - The application must run as root
- - You need to provide a valid user id
- - You need to provide a valid group id
- - You need to provide an existing path
-
-Activate() will not return any error. It will panic as soon as anything
-goes wrong because there is no good way to recover. To provide a sensible
-fallback you can use the CanActivate() function.
-
-WARNING: Windows is not supported. Windows has no equivalents for the used
-techniques.
-
-WARNING: Linux is not POSIX compatible and therefor setuid() only changes the
-user ID of the current thread. At the time, there is no way to safely use
-this within go as there may already be other threads spawned at the time
-this library is called. More about this issue here:
- http://code.google.com/p/go/issues/detail?id=1435
- http://groups.google.com/group/golang-nuts/browse_thread/thread/059597aafdd84a0e
-
-The following table summarizes the behaviours:
- openbsd: safe
- freebsd: safe
- darwin: safe
- linux: unsafe
- windows: not supported
-
-*/
-package mitigation
-
-import (
- "os"
- "runtime"
- "syscall"
-)
-
-// Checks if it is possible to activate the mitigation.
-func CanActivate() bool {
- if runtime.GOOS == "windows" || runtime.GOARCH == "arm" {
- return false
- }
-
- uid := syscall.Getuid()
- return uid == 0
-}
-
-// Activates the mitigation measurements.
-func Activate(uid int, gid int, path string) {
- if !CanActivate() {
- panic("Cannot activate mitigation measurements!")
- }
-
- // chroot directory
- err := syscall.Chroot(path)
- if err != nil {
- panic(err)
- }
-
- // change directory to new /
- err = syscall.Chdir("/")
- if err != nil {
- panic(err)
- }
-
- // drop all other groups
- err = syscall.Setgroups([]int{gid})
- if err != nil {
- panic(err)
- }
-
- // verify the empty group list
- gids, err := syscall.Getgroups()
- if err != nil {
- panic("Could not read groups!")
- }
- if len(gids) > 1 {
- panic("Could not drop groups!")
- } else if len(gids) == 1 {
- if gids[0] != gid {
- panic("Could not drop foreign groups!")
- }
- }
-
- // change group
- err = syscall.Setgid(gid)
- if err != nil {
- panic(err)
- }
-
- // verify the group change
- ngid := syscall.Getgid()
- if ngid != gid {
- panic("Could not change group id!")
- }
-
- // change user
- err = syscall.Setuid(uid)
- if err != nil {
- panic(err)
- }
-
- // verify the user change
- nuid := syscall.Getuid()
- if nuid != uid {
- panic("Could not change user id!")
- }
-
- // now drop all environment variables
- os.Clearenv()
-}