Implement Windows superuser check #568
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
October 23, 2025 07:01
Summary: The move command incorrectly processed directories as Forge files which could have resulted in improper moves. Eventually, we'd like to add the capability to move entire directories, but it makes the most sense right now to go ahead patch this bug. Differential Revision: D85156302
Summary: This exposes the existing UUID generation mechanism used internally by `ttpforge create ttp` as a standalone command for user convenience. While TTPs created with `create ttp` already include an automatically generated UUID, users sometimes need to manually generate UUIDs when manually creating or editing TTP files. Differential Revision: D85156307
Summary: The enum ttps command had a local `verbose` flag that duplicated the global verbose logging configuration. This refactors the command to use the existing global setting instead. Differential Revision: D85156304
isaac-fletcher
requested review from
CrimsonK1ng,
RoboticPrism,
cedowens,
d0n601 and
d3sch41n
as code owners
|
@isaac-fletcher has exported this pull request. If you are a Meta employee, you can view the originating Diff in D85156306. |
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
force-pushed
the
export-D85156306
branch
from
4ad9783 to
7714c05
Compare
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
added a commit
to isaac-fletcher/TTPForge
that referenced
this pull request
Oct 23, 2025
Summary: Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
Summary: Pull Request resolved: facebookincubator#568 Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using `golang.org/x/sys/windows` to check if the process token is elevated. The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use `os.Geteuid() == 0` while Windows now uses token elevation checking. Reviewed By: RoboticPrism Differential Revision: D85156306
isaac-fletcher
force-pushed
the
export-D85156306
branch
from
7714c05 to
b81511f
Compare
|
This pull request has been merged in 45590c2. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
Previously, TTPForge would only log a warning when a TTP required superuser privileges on Windows but wouldn't actually enforce the requirement. This change implements proper administrator privilege checking on Windows using
golang.org/x/sys/windowsto check if the process token is elevated.The implementation uses Go build tags to provide platform-specific implementations of superuser checking. Unix-based systems continue to use
os.Geteuid() == 0while Windows now uses token elevation checking.Reviewed By: RoboticPrism
Differential Revision: D85156306