Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add os.isAdmin to tell whether we are admin (windows) or root (posix) #329

Closed
timotheecour opened this issue Jan 29, 2021 · 3 comments · Fixed by nim-lang/Nim#17012
Closed

add os.isAdmin to tell whether we are admin (windows) or root (posix) #329

timotheecour opened this issue Jan 29, 2021 · 3 comments · Fixed by nim-lang/Nim#17012
Labels
implemented

Comments

@timotheecour
Copy link
Member

timotheecour commented Jan 29, 2021
edited
Loading

refs nim-lang/Nim#16859 (comment)

on windows:

refs https://stackoverflow.com/a/16285248/1426932
running execShellCmd("net session") can tell you: if not admin you get:

System error 5 has occurred.

Access is denied.

else you might get an answer such as: There are no entries in the list.

on posix:

refs: https://stackoverflow.com/a/21622456/1426932
running getEnv("EUID") == "0" or similar will tell you if you're root
(it's readonly, can't be set)

use cases

links
@timotheecour timotheecour mentioned this issue Jan 29, 2021
Closed
@alaviss
Copy link

alaviss commented Jan 30, 2021
edited
Loading

refs: https://stackoverflow.com/a/21622456/1426932
running getEnv("EUID") == "0" or similar will tell you if you're root
(it's readonly, can't be set)

This is a shell feature, there is nothing preventing the caller from modifying this environment variable. The POSIX way is to use the geteuid() syscall.

refs https://stackoverflow.com/a/16285248/1426932
running execShellCmd("net session") can tell you: if not admin you get:

System error 5 has occurred.

Access is denied.

else you might get an answer such as: There are no entries in the list.

This is a terrible way to do it, if a malicious actor modify the PATH (or if there's a net.exe in the current directory) or Microsoft changes the output of net, it will fail. Here's how to do it in Win32: https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-checktokenmembership?redirectedfrom=MSDN

@rominf rominf mentioned this issue Jan 30, 2021
Merged
@juancarlospaco
Copy link
Contributor

If the computer is already compromised nothing is totally secure but yeah... 🤷

@rominf
Copy link

rominf commented Feb 11, 2021

See nim-lang/Nim#17012 for the implementation.

@timotheecour timotheecour mentioned this issue Feb 11, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
implemented
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

stdlib/os: add isAdmin rominf/Nim
4 participants
@juancarlospaco @timotheecour @rominf @alaviss