P.S.: In the above pseudo-code example, please replace "setfsuid" with "SetfsuidRetUid" from golang.org/x/sys/unix.
P.P.S.: I know that in the Linux C API, setfsuid() is deprecated in favour of seteuid(), as the former non-POSIX syscall has been obsolete since Linux 2.0 (see the notes in "man 2 setfsuid" and "man 2 kill" for the full story). However, the Go standard library does not appear to offer an implementation of seteuid. So SetfsuidRetUid still seems the function to call here to temporarily access a file owned by the user with the privileges of the user. An alternative would be to use Setresuid, as in
    LockOSThread()
    o = Geteuid()
    Setresuid(-1, u.Uid, -1)
    ... read file securely with the euid of user, without having to worry about races & symlinks ...
    Setresuid(-1, o, -1)
    UnlockOSThread()
which does the same thing, is more POSIX portable (in case you care about non-Linux kernels), but requires one syscall more.
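The Setresuid variant sketched above, written out as a runnable Go program (an added example, not code from the original post). It assumes Linux on a 64-bit architecture and uses the raw setresuid syscall from the standard syscall package, because since Go 1.16 syscall.Setresuid applies the change to every thread of the process; readAsUser and setThreadEuid are hypothetical helper names.

```go
package main

import (
	"fmt"
	"os"
	"runtime"
	"syscall"
)

// setThreadEuid changes the effective UID of the calling OS thread only.
// The raw syscall is deliberate: since Go 1.16, syscall.Setresuid applies
// the change to every thread of the process.
func setThreadEuid(uid int) error {
	keep := ^uintptr(0) // -1: leave real and saved UID untouched
	_, _, errno := syscall.RawSyscall(syscall.SYS_SETRESUID, keep, uintptr(uid), keep)
	if errno != 0 {
		return errno
	}
	return nil
}

// readAsUser (hypothetical helper) reads path with uid as the effective UID,
// so the kernel does the permission check on every path component.
func readAsUser(path string, uid int) ([]byte, error) {
	runtime.LockOSThread() // keep this goroutine on the thread we modify
	orig := syscall.Geteuid()
	if err := setThreadEuid(uid); err != nil {
		runtime.UnlockOSThread()
		return nil, fmt.Errorf("switch to uid %d: %w", uid, err)
	}
	data, readErr := os.ReadFile(path)
	if err := setThreadEuid(orig); err != nil {
		// Never hand a thread with the wrong credentials back to the scheduler.
		panic(fmt.Sprintf("restore euid %d: %v", orig, err))
	}
	runtime.UnlockOSThread()
	return data, readErr
}

func main() {
	// Constructed demo: switching to our own euid needs no privileges.
	data, err := readAsUser("/etc/hostname", os.Geteuid())
	fmt.Printf("%d bytes, err=%v\n", len(data), err)
}
```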