diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2019-05-27 07:48:54 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2019-05-27 07:48:54 -0700 |
| commit | 1e4c28c0e54eb42fffdf9583a00889aa352bf4fb (patch) | |
| tree | c0d92fa50290428734733d24556203cf97a9e40a /go/Makefile | |
| parent | dea0e2be341a01d0f110704470a54765eaf930e4 (diff) | |
| download | libcap2-1e4c28c0e54eb42fffdf9583a00889aa352bf4fb.tar.gz | |
Explore Go port of libcap with a simple web server.
The program web.go uses "libcap/cap" to raise and lower capabilities
in order to bind to a privileged port. Writing this code, I now
realize that Go's runtime is not really suited to minimal privilege
guarantees. The code does raise and lower the effective capability
Value needed, but to be fully robust, we're going to have to wait for
the following issue with the Go runtime to find a resolution:
https://github.com/golang/go/issues/1435
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'go/Makefile')
| -rw-r--r-- | go/Makefile | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/go/Makefile b/go/Makefile index 059e0c1..1381f3d 100644 --- a/go/Makefile +++ b/go/Makefile @@ -6,6 +6,7 @@ include ../Make.Rules all: $(MAKE) compare-cap + $(MAKE) web ./compare-cap src/libcap/cap: @@ -32,7 +33,10 @@ $(GOPACKAGE): src/libcap/cap/names.go src/libcap/cap/cap.go src/libcap/cap/text. compare-cap: compare-cap.go $(GOPACKAGE) GOPATH=$(realpath .) go build $< +web: web.go $(GOPACKAGE) + GOPATH=$(realpath .) go build $< + clean: GOPATH=$(realpath .) go clean -x -i libcap/cap || exit 0 - rm -f *.o *.so mknames compare-cap *~ ../cap/*~ ../cap/names.go + rm -f *.o *.so mknames web compare-cap *~ ../cap/*~ ../cap/names.go rm -fr pkg src |