author | Julian Blake Kongslie <jblake@omgwallhack.org> | 2012-10-29 22:10:16 -0700 |
---|---|---|
committer | Julian Blake Kongslie <jblake@omgwallhack.org> | 2012-10-29 22:10:16 -0700 |
commit | bfacca1f5e4fe3a4d90cb300c765a85d024358c9 (patch) | |
tree | 83203b402a5ef9a39a4e4b177cade422021167a1 | |
Initial commit.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 7 | ||||
-rw-r--r-- | main.c | 58 |
3 files changed, 66 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b78e996
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/insecuresuexec
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..43d9995
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+insecuresuexec: main.c
+ clang -Wall -Werror -Os -o $@ $+
+
+clean:
+ rm -f insecuresuexec
+
+.PHONY: clean
@@ -0,0 +1,58 @@
+#define _GNU_SOURCE
+
+#include <assert.h>
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+int main( int argc, char *argv[] ) {
+
+ if ( argc < 4 ) {
+ fprintf( stderr, "Usage: %s user group cmd [args..]\n", argv[0] );
+ return 1;
+ };
+
+ char *user = argv[1];
+ char *group = argv[2];
+ char *cmd = argv[3];
+ char **args = argv + 3;
+
+ char *end;
+ unsigned long tmp;
+
+ struct passwd *userpw;
+ struct group *grouppw;
+
+ tmp = strtoul( user, &end, 10 );
+ if ( end != user && ! *end ) {
+ userpw = getpwuid( tmp );
+ } else {
+ userpw = getpwnam( user );
+ };
+ assert( userpw != NULL );
+
+ tmp = strtoul( group, &end, 10 );
+ if ( end != user && ! *end ) {
+ grouppw = getgrgid( tmp );
+ } else {
+ grouppw = getgrnam( group );
+ };
+ assert( grouppw != NULL );
+
+ if ( setgroups( 0, NULL ) != 0 )
+ assert_perror( errno );
+
+ if ( setregid( grouppw->gr_gid, grouppw->gr_gid ) != 0 )
+ assert_perror( errno );
+
+ if ( setreuid( userpw->pw_uid, userpw->pw_uid ) != 0 )
+ assert_perror( errno );
+
+ execv( cmd, args );
+ assert_perror( errno );
+
+}
|
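Review bot: In the main.c hunk, the numeric-group test compares `end` against `user` instead of `group`, so an empty group argument passes the test and is looked up as gid 0 rather than being rejected; the condition should read `if ( end != group && ! *end ) {`. The lookup results and the setgroups/setregid/setreuid/execv failures are checked only through assert() and assert_perror(), which expand to nothing when NDEBUG is defined. The Makefile in this commit does not define it, but a privilege-changing wrapper should fail closed regardless of build flags, since otherwise a failed setreuid() would fall through to execv() with the caller's original ids; the fence below replaces those checks with unconditional error returns. Separately, strtoul()'s unsigned long result reaches getpwuid()/getgrgid() without an ERANGE or range check, so a value wider than uid_t/gid_t would presumably be narrowed silently and should be rejected before the lookup.

```c
  /* … unchanged: argument parsing and the user/group lookups; this check replaces both assert() calls … */
  if ( userpw == NULL || grouppw == NULL ) {
    fprintf( stderr, "%s: unknown user or group\n", argv[0] );
    return 1;
  }

  /* Same order as before: supplementary groups, then gid, then uid. */
  if ( setgroups( 0, NULL ) != 0
    || setregid( grouppw->gr_gid, grouppw->gr_gid ) != 0
    || setreuid( userpw->pw_uid, userpw->pw_uid ) != 0 ) {
    perror( argv[0] );
    return 1;
  }

  execv( cmd, args );
  /* execv() returns only on failure. */
  perror( cmd );
  return 1;
```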