From b3ecf954560380c6250443c4dd6fe10037346b52 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 06:48:13 -0800 Subject: [PATCH 1/4] Bump github.com/deckarep/golang-set/v2 from 2.6.0 to 2.7.0 (#108) Bumps [github.com/deckarep/golang-set/v2](https://github.com/deckarep/golang-set) from 2.6.0 to 2.7.0. - [Release notes](https://github.com/deckarep/golang-set/releases) - [Commits](https://github.com/deckarep/golang-set/compare/v2.6.0...v2.7.0) --- updated-dependencies: - dependency-name: github.com/deckarep/golang-set/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 57621a7..18b2269 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ replace ( require ( github.com/Knetic/govaluate v3.0.0+incompatible - github.com/deckarep/golang-set/v2 v2.6.0 + github.com/deckarep/golang-set/v2 v2.7.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/xuri/excelize/v2 v2.9.0 diff --git a/go.sum b/go.sum index 0959aea..e14439d 100644 --- a/go.sum +++ b/go.sum 
@@ -3,8 +3,8 @@ github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8L github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM= -github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= +github.com/deckarep/golang-set/v2 v2.7.0 h1:gIloKvD7yH2oip4VLhsv3JyLLFnC0Y2mlusgcvJYW5k= +github.com/deckarep/golang-set/v2 v2.7.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= From 71f651125e4a72cd795b78047a1d3ab4ff82f232 Mon Sep 17 00:00:00 2001 From: Jason Harper Date: Thu, 5 Dec 2024 13:21:17 -0800 Subject: [PATCH 2/4] don't prepend sudo to command if user is superuser (#110) --- internal/script/script.go | 10 +++++++--- internal/target/target.go | 18 ++++++++++++++++-- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/internal/script/script.go b/internal/script/script.go index 4eacf29..e19f9fe 100644 --- a/internal/script/script.go +++ b/internal/script/script.go 
@@ -107,7 +107,7 @@ func RunScripts(myTarget target.Target, scripts []ScriptDefinition, ignoreScript
 continue
 }
 if script.Superuser && !canElevate {
- slog.Info("skipping script because it requires superuser privileges and the target cannot elevate privileges", slog.String("script", script.Name))
+ slog.Info("skipping script because it requires superuser privileges and the user cannot elevate privileges on target", slog.String("script", script.Name))
 continue
 }
 if script.Sequential {
@@ -163,8 +163,12 @@ func RunScripts(myTarget target.Target, scripts []ScriptDefinition, ignoreScript
 // instigates a known bug in the terminal that corrupts the tty settings:
 // https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043320
 var cmd *exec.Cmd
- if needsElevatedPrivileges {
- // run master script with sudo, "-S" to read password from stdin
+ if needsElevatedPrivileges && !canElevate {
+ // this shouldn't happen because we already filtered out the scripts that require elevated privileges if the user cannot elevate privileges on the target
+ err = fmt.Errorf("master script requires elevated privileges but the user cannot elevate privileges on target")
+ return nil, err
+ } else if needsElevatedPrivileges && !myTarget.IsSuperUser() {
+ // run master script with sudo, "-S" to read password from stdin. Note: password won't be asked for if password-less sudo is configured.
 cmd = exec.Command("sudo", "-S", "bash", path.Join(myTarget.GetTempDirectory(), masterScriptName))
 } else {
 cmd = exec.Command("bash", path.Join(myTarget.GetTempDirectory(), masterScriptName))
diff --git a/internal/target/target.go b/internal/target/target.go
index 3e4331b..206d8d0 100644
--- a/internal/target/target.go
+++ b/internal/target/target.go
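Review bot: The new guard in the `@@ -163,8 +163,12 @@` hunk of script.go always returns, so the `} else if` after it can be a plain `if`, and the error can be returned directly as `return nil, fmt.Errorf("master script requires elevated privileges but the user cannot elevate privileges on target")` rather than assigned to `err` first. The final `else` now covers two different cases (nothing needs elevation, or the user is already superuser), which is easy to misread when auditing where root execution happens; a comment such as `// no sudo: nothing requires elevation, or the user is already superuser` would make that explicit. RunScripts starts and ends outside the hunk, so whether `err` is a named result read by a deferred function is not visible here and should be checked before dropping the assignment.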
@@ -35,6 +35,10 @@ type Target interface { // It returns true if the user can elevate privileges, false otherwise. CanElevatePrivileges() bool + // IsSuperUser checks if the current user is a superuser. + // It returns true if the user is a superuser, false otherwise. + IsSuperUser() bool + // GetArchitecture returns the architecture of the target system. // It returns a string representing the architecture and any error that occurred. GetArchitecture() (arch string, err error) @@ -370,7 +374,7 @@ func (t *LocalTarget) CanElevatePrivileges() bool { if t.canElevate != 0 { return t.canElevate == 1 } - if os.Geteuid() == 0 { + if t.IsSuperUser() { t.canElevate = 1 return true // user is root } @@ -406,7 +410,7 @@ func (t *RemoteTarget) CanElevatePrivileges() bool { if t.canElevate != 0 { return t.canElevate == 1 } - if t.user == "root" { + if t.IsSuperUser() { t.canElevate = 1 return true } @@ -420,6 +424,16 @@ func (t *RemoteTarget) CanElevatePrivileges() bool { return false } +// IsSuperUser checks if the current user is a superuser. +// It returns true if the user is a superuser, false otherwise. +func (t *LocalTarget) IsSuperUser() bool { + return os.Geteuid() == 0 +} + +func (t *RemoteTarget) IsSuperUser() bool { + return t.user == "root" +} + // InstallLkms installs the specified LKMs (Loadable Kernel Modules) on the target. // It returns the list of installed LKMs and any error encountered during the installation process. func (t *LocalTarget) InstallLkms(lkms []string) (installedLkms []string, err error) { From 8621d0c4a6a19759eea26ffc713c6ff22dbd1e6f Mon Sep 17 00:00:00 2001 
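Review bot: `RemoteTarget.IsSuperUser` in the last target.go hunk decides by login name (`t.user == "root"`) while `LocalTarget.IsSuperUser` checks the effective uid, so a remote account with uid 0 under another name, or a session whose user is not carried in `t.user`, would be reported as non-superuser. For the sudo decision in script.go that error is fail-safe (sudo is still prepended), but the `@@ -406,7 +410,7 @@` hunk makes `CanElevatePrivileges` depend on the same name check, and it presumably then falls through to probing sudo on a host where the user is already root. Consider resolving the remote uid once (for example from `id -u` on the target) and caching it the way `canElevate` is cached; how `t.user` is populated is outside these hunks, so confirm first. The remote method also lacks a doc comment; `// IsSuperUser reports whether the remote login user is root.` would match the local one.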
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:21:42 -0800 Subject: [PATCH 3/4] Bump golang.org/x/term from 0.26.0 to 0.27.0 (#111) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.26.0 to 0.27.0. - [Commits](https://github.com/golang/term/compare/v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 18b2269..816579a 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/xuri/excelize/v2 v2.9.0 golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 - golang.org/x/term v0.26.0 + golang.org/x/term v0.27.0 golang.org/x/text v0.20.0 gopkg.in/yaml.v2 v2.4.0 ) @@ -33,5 +33,5 @@ require ( github.com/xuri/nfp v0.0.0-20240318013403-ab9948c2c4a7 // indirect golang.org/x/crypto v0.28.0 // indirect golang.org/x/net v0.30.0 // indirect - golang.org/x/sys v0.27.0 // indirect + golang.org/x/sys v0.28.0 // indirect ) diff --git a/go.sum b/go.sum index e14439d..6c1a4b1 100644 --- a/go.sum +++ b/go.sum 
@@ -37,10 +37,10 @@ golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ= golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E= golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= From 8d60a4727d6dd5e20a7c6e51e8ba6d270ddc28af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:24:01 -0800 Subject: [PATCH 4/4] Bump golang.org/x/text from 0.20.0 to 0.21.0 (#112) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.20.0 to 0.21.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 816579a..480a474 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/xuri/excelize/v2 v2.9.0 golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 golang.org/x/term v0.27.0 - golang.org/x/text v0.20.0 + golang.org/x/text v0.21.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 6c1a4b1..ef506b1 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=