1 [!windows] stop
2 [!exec:icacls] skip
3 [!exec:powershell] skip
4
5 # Create $WORK\guest and give the Guests group full access.
6 # Files created within that directory will have different security attributes by default.
7 mkdir $WORK\guest
8 exec icacls $WORK\guest /grant '*S-1-5-32-546:(oi)(ci)f'
9
10 env TMP=$WORK\guest
11 env TEMP=$WORK\guest
12
13 # Build a binary using the guest directory as an intermediate
14 cd TestACL
15 go build -o main.exe main.go
16 # Build the same binary, but write it to the guest directory.
17 go build -o $TMP\main.exe main.go
18
19 # Read ACLs for the files.
20 exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
21 cp stdout $WORK\exe-acl.txt
22 exec powershell -Command 'Get-Acl main.go | Select -expand AccessToString'
23 cp stdout $WORK\src-acl.txt
24 cd $TMP
25 exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
26 cp stdout $WORK\guest-acl.txt
27
28 cd $WORK
29
30 # The executable written to the source directory should have the same ACL as the source file.
31 cmp $WORK\exe-acl.txt $WORK\src-acl.txt
32
33 # The file written to the guest-allowed directory should give Guests control.
34 grep 'BUILTIN\\Guests\s+Allow' $WORK\guest-acl.txt
35
36 # The file written to the ordinary directory should not.
37 ! grep 'BUILTIN\\Guests\s+Allow' $WORK\exe-acl.txt
38
39
40 -- TestACL/go.mod --
41 module TestACL
42 -- TestACL/main.go --
43 package main
44 func main() {}
45
View as plain text