这是indexloc提供的服务,不要输入任何密码
Skip to content

havenwood/setcred

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
examples
examples
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

setcred

A Rust interface to FreeBSD's setcred(2) syscall for atomic credential management.

Ported from: 0x1eef/bsd by 0x1eef

Usage

FreeBSD only. Requires elevated privileges.

use setcred::Creds;
use std::io;
use std::net::TcpListener;

fn main() -> io::Result<()> {
    // Bind to a privileged port as root
    let listener = TcpListener::bind(("127.0.0.1", 80))?;

    // Drop all privileges atomically (recommended)
    Creds::drop_priv(1000, 1000, &[1000]).apply()?;

    // Carry on without privileges
    Ok(())
}

The drop_priv() method sets all six IDs atomically to prevent privilege escalation.

Example

See examples/daemon.rs for a complete daemon implementation with verification.

cargo run --example daemon  # Requires FreeBSD + root

Documentation

https://docs.rs/setcred

License

BSD Zero Clause License (0BSD)

Copyright (C) Shannon Skipper

Copyright (C) 0x1eef 0x1eef@proton.me

About

Rust interface to FreeBSD's `setcred(2)` syscall for atomic credential management

Resources

Readme

License

0BSD license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages