pkgs/by-name/un/unix-privesc-check/package.nix

   1 { lib
   2 , resholve
   3 , fetchurl
   4 , gawk
   5 , bash
   6 , binutils
   7 , coreutils
   8 , file
   9 , findutils
  10 , glibc
  11 , gnugrep
  12 , gnused
  13 , nettools
  14 , openssh
  15 , postgresql
  16 , ps
  17 , util-linux
  18 , which
  19 }:
  20
  21 # resholve does not yet support `finalAttrs` call pattern hence `rec`
  22 # https://github.com/abathur/resholve/issues/107
  23 resholve.mkDerivation rec {
  24   pname = "unix-privesc-check";
  25   version = "1.4";
  26
  27   src = fetchurl {
  28     url = "https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-${version}.tar.gz";
  29     hash = "sha256-4fhef2n6ut0jdWo9dqDj2GSyHih2O2DOLmGBKQ0cGWk=";
  30   };
  31
  32   patches = [
  33     ./unix-privesc-check.patch # https://github.com/NixOS/nixpkgs/pull/287629#issuecomment-1944428796
  34   ];
  35
  36   solutions = {
  37     unix-privesc-check = {
  38       scripts = [ "bin/unix-privesc-check" ];
  39       interpreter = "${bash}/bin/bash";
  40       inputs = [
  41         gawk
  42         bash
  43         binutils # for strings command
  44         coreutils
  45         file
  46         findutils # for xargs command
  47         glibc  # for ldd command
  48         gnugrep
  49         gnused
  50         nettools
  51         openssh
  52         postgresql # for psql command
  53         ps
  54         util-linux # for swapon command
  55         which
  56       ];
  57       fake = {
  58         external = [
  59             "lanscan" # lanscan exists only for HP-UX OS
  60             "mount" # Getting same error described in https://github.com/abathur/resholve/issues/29
  61             "passwd" # Getting same error described in https://github.com/abathur/resholve/issues/29
  62         ];
  63       };
  64       execer = [
  65         "cannot:${glibc.bin}/bin/ldd"
  66         "cannot:${postgresql}/bin/psql"
  67         "cannot:${openssh}/bin/ssh-add"
  68         "cannot:${util-linux.bin}/bin/swapon"
  69       ];
  70     };
  71   };
  72
  73   installPhase = ''
  74     runHook preInstall
  75     install -Dm 755 unix-privesc-check $out/bin/unix-privesc-check
  76     runHook postInstall
  77   '';
  78
  79   meta = with lib; {
  80     description = "Find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps";
  81     mainProgram = "unix-privesc-check";
  82     homepage = "https://pentestmonkey.net/tools/audit/unix-privesc-check";
  83     maintainers = with maintainers; [ d3vil0p3r ];
  84     platforms = platforms.unix;
  85     license = licenses.gpl2Plus;
  86   };
  87 }