From f12d854fcf5e46fe526a92a316b2c6ec118fcea3 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Sun, 20 Jan 2019 12:35:37 +0100 Subject: Replace fcgi with plain http server --- privsep.go | 36 ------------------------------------ 1 file changed, 36 deletions(-) delete mode 100644 privsep.go (limited to 'privsep.go') diff --git a/privsep.go b/privsep.go deleted file mode 100644 index 9968254..0000000 --- a/privsep.go +++ /dev/null @@ -1,36 +0,0 @@ -// This file implements privilege separation - -package main - -import ( - "errors" - "net" - "os" - "os/user" - "path" - "strconv" - - "github.com/sarnowski/mitigation" -) - -func dropPrivAndListen(userName, sockPath string) (net.Listener, error) { - if !mitigation.CanActivate() { - return nil, errors.New("cannot drop privileges") - } - usr, _ := user.Lookup(userName) - uid, _ := strconv.Atoi(usr.Uid) - gid, _ := strconv.Atoi(usr.Gid) - - socket := path.Join(usr.HomeDir, sockPath) - os.Remove(socket) - - l, err := net.Listen("unix", socket) - if err != nil { - return nil, err - } - os.Chown(socket, uid, gid) - os.Chmod(socket, 0660) - - mitigation.Activate(uid, gid, usr.HomeDir) - return l, nil -} -- cgit v1.2.3