brianv0 · December 21, 2018 15:01
diff --git a/script.sh b/script.sh
 adduser brian --system --disabled-password --uid=1000
 adduser john --system --disabled-password --uid=1001
 echo "00900111512262233733448445595566066"> brian.txt
 chown brian brian.txt
 chmod 700 brian.txt

 pip install cffi

 #########

 python
 import threading
 from time import sleep
 from cffi import FFI
 import os
 ffi = FFI()

 ffi.cdef("""
 int setfsuid(int fsuid);
 int getgroups(int fsuid, int[]);
 int setgroups(int size, const int *list);
 """)

 sys = ffi.dlopen(None)

 def setfsuid(uid, message):
    old = sys.setfsuid(ffi.cast("int", uid))
    actual = sys.setfsuid(ffi.cast("int", uid))
    print(f"{message} old fsuid: {old} new: {actual}")

 def getgroups():
    ptr = ffi.new("int[]", [])
    size = sys.getgroups(ffi.cast("int", 0), ptr)
    ret_val = ffi.new("int[]", size)
    sys.getgroups(size, ret_val)
    return ret_val


 def setgroups(groups):
    new_groups = ffi.new("const int[]", groups)
    size = sys.setgroups(len(new_groups), new_groups)
    return size

 def check_open():
    try:
        open("brian.txt").close()
        return True	
    except Exception as e:
        return False

 def worker(brians_file):
    """thread worker function"""
    setfsuid(1000, "  Thread 1 - Making sure I'm Brian")
    print(f"  Thread 1 - Brian reads more - {brians_file.read(5)}")
    print(f"  Thread 1 - Check Open - {check_open()}")
    print(brians_file.read(5))
    sleep(3)
    print(f"  Thread 1 - Still Brian reads more - {brians_file.read(5)}")
    print(f"  Thread 1 - Check Open - {check_open()}")
    setfsuid(1001, "  Thread 1 - ")
    sleep(3)
    print(f"  Thread 1 - Now John reads: {brians_file.read(5)}")
    print(f"  Thread 1 - Check Open - {check_open()}")


 def doit():
    setfsuid(1000, "Main Process - ")
    brians_file = open("brian.txt", "r")
    print(f"Main Process - Brian reads {brians_file.read(5)}")
    print(f"Main Process - Can open - {check_open()}")
    threads = []
    t = threading.Thread(target=worker, args=(brians_file,))
    t.start()
    sleep(2)
    setfsuid(1001, "Main Process - ")
    print(f"Main Process - John reads {brians_file.read(5)}")
    print(f"Main Process - Can Open - {check_open()}")
    sleep(1)
    t.join()

 doit()
	adduser brian --system --disabled-password --uid=1000
	adduser john --system --disabled-password --uid=1001
	echo "00900111512262233733448445595566066"> brian.txt
	chown brian brian.txt
	chmod 700 brian.txt

	pip install cffi

	#########

	python
	import threading
	from time import sleep
	from cffi import FFI
	import os
	ffi = FFI()

	ffi.cdef("""
	int setfsuid(int fsuid);
	int getgroups(int fsuid, int[]);
	int setgroups(int size, const int *list);
	""")

	sys = ffi.dlopen(None)

	def setfsuid(uid, message):
	old = sys.setfsuid(ffi.cast("int", uid))
	actual = sys.setfsuid(ffi.cast("int", uid))
	print(f"{message} old fsuid: {old} new: {actual}")

	def getgroups():
	ptr = ffi.new("int[]", [])
	size = sys.getgroups(ffi.cast("int", 0), ptr)
	ret_val = ffi.new("int[]", size)
	sys.getgroups(size, ret_val)
	return ret_val


	def setgroups(groups):
	new_groups = ffi.new("const int[]", groups)
	size = sys.setgroups(len(new_groups), new_groups)
	return size

	def check_open():
	try:
	open("brian.txt").close()
	return True
	except Exception as e:
	return False

	def worker(brians_file):
	"""thread worker function"""
	setfsuid(1000, " Thread 1 - Making sure I'm Brian")
	print(f" Thread 1 - Brian reads more - {brians_file.read(5)}")
	print(f" Thread 1 - Check Open - {check_open()}")
	print(brians_file.read(5))
	sleep(3)
	print(f" Thread 1 - Still Brian reads more - {brians_file.read(5)}")
	print(f" Thread 1 - Check Open - {check_open()}")
	setfsuid(1001, " Thread 1 - ")
	sleep(3)
	print(f" Thread 1 - Now John reads: {brians_file.read(5)}")
	print(f" Thread 1 - Check Open - {check_open()}")


	def doit():
	setfsuid(1000, "Main Process - ")
	brians_file = open("brian.txt", "r")
	print(f"Main Process - Brian reads {brians_file.read(5)}")
	print(f"Main Process - Can open - {check_open()}")
	threads = []
	t = threading.Thread(target=worker, args=(brians_file,))
	t.start()
	sleep(2)
	setfsuid(1001, "Main Process - ")
	print(f"Main Process - John reads {brians_file.read(5)}")
	print(f"Main Process - Can Open - {check_open()}")
	sleep(1)
	t.join()

	doit()