[NixPkgs.git] / pkgs / by-name / un / unix-privesc-check / package.nix
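{
  lib,
  resholve,
  fetchurl,
  gawk,
  bash,
  binutils,
  coreutils,
  file,
  findutils,
  glibc,
  gnugrep,
  gnused,
  nettools,
  openssh,
  postgresql,
  ps,
  util-linux,
  which,
}:

# Packages the unix-privesc-check shell script (a local audit tool that looks
# for privilege-escalation misconfigurations). The script is passed through
# resholve, which rewrites the external commands it calls to absolute store
# paths taken from `inputs`, so the audit does not depend on whatever happens
# to be first on the caller's PATH for those tools.
#
# resholve does not yet support `finalAttrs` call pattern hence `rec`
# https://github.com/abathur/resholve/issues/107
resholve.mkDerivation rec {
  pname = "unix-privesc-check";
  version = "1.4";

  # Fixed-output fetch: the SRI sha256 below pins the tarball contents, so a
  # changed or tampered upstream archive fails the build instead of being used.
  src = fetchurl {
    url = "https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-${version}.tar.gz";
    hash = "sha256-4fhef2n6ut0jdWo9dqDj2GSyHih2O2DOLmGBKQ0cGWk=";
  };

  patches = [
    ./unix-privesc-check.patch # https://github.com/NixOS/nixpkgs/pull/287629#issuecomment-1944428796
  ];

  solutions = {
    unix-privesc-check = {
      scripts = [ "bin/unix-privesc-check" ];
      interpreter = "${bash}/bin/bash";
      # Packages resholve may resolve the script's commands against.
      inputs = [
        gawk
        bash
        binutils # for strings command
        coreutils
        file
        findutils # for xargs command
        glibc # for ldd command
        gnugrep
        gnused
        nettools
        openssh
        postgresql # for psql command
        ps
        util-linux # for swapon command
        which
      ];
      # Commands resholve is told to accept without resolving them. They stay
      # as bare names in the installed script, so at run time they are
      # presumably looked up on the caller's PATH rather than pinned to a
      # store path - review this list whenever it grows.
      fake = {
        external = [
          "lanscan" # lanscan exists only for HP-UX OS
          "mount" # Getting same error described in https://github.com/abathur/resholve/issues/29
          "passwd" # Getting same error described in https://github.com/abathur/resholve/issues/29
        ];
      };
      # `cannot:` asserts to resholve that these binaries do not run their
      # arguments as commands, so their argument lists are not inspected for
      # further commands to resolve.
      # NOTE(review): this is a statement about command resolution only.
      # ldd(1) itself warns against running it on untrusted executables -
      # confirm how the script invokes it on the audited host.
      execer = [
        "cannot:${glibc.bin}/bin/ldd"
        "cannot:${postgresql}/bin/psql"
        "cannot:${openssh}/bin/ssh-add"
        "cannot:${util-linux.bin}/bin/swapon"
      ];
    };
  };

  # Only the script itself is installed (mode 755); the hooks are kept so
  # overrides can still extend the phase.
  installPhase = ''
    runHook preInstall
    install -Dm 755 unix-privesc-check $out/bin/unix-privesc-check
    runHook postInstall
  '';

  meta = with lib; {
    # Spelling fixed: "unprivilged" -> "unprivileged".
    description = "Find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps";
    mainProgram = "unix-privesc-check";
    homepage = "https://pentestmonkey.net/tools/audit/unix-privesc-check";
    maintainers = with maintainers; [ d3vil0p3r ];
    platforms = platforms.unix;
    license = licenses.gpl2Plus;
  };
}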