Enhance permission handling in package installation and removal commands; add user management functions for improved security. Now for every time packets will execute lua scripts, it will change process euid to an unprivileged user; Now lua scripts can execute more lua default functions

2025-09-28 21:55:13 -03:00
parent 3591460214
commit 0e8db8b40e
5 changed files with 100 additions and 150 deletions
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -10,9 +10,12 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
+	"strconv"
 	"strings"
+	"syscall"

 	"packets/configs"
 	"packets/internal/consts"
@@ -393,3 +396,34 @@ skipping:

 	return this, nil
 }
+
+func GetPacketsUID() (int, error) {
+	_ = exec.Command("useradd", "-M", "-N", "packets").Run()
+	cmd := exec.Command("id", "-u", "packets")
+
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return -1, err
+	}
+
+	s := strings.TrimSpace(string(out))
+	uid, err := strconv.Atoi(s)
+	if err != nil {
+		return -1, err
+	}
+	return uid, nil
+}
+
+func ChangeToNoPermission() error {
+	_ = exec.Command("useradd", "-M", "-N", "packets").Run()
+
+	uid, err := GetPacketsUID()
+	if err != nil {
+		return err
+	}
+
+	return syscall.Setresuid(0, uid, 0)
+
+}
+
+func ElevatePermission() error { return syscall.Setresuid(0, 0, 0) }