authorJulian Blake Kongslie <jblake@omgwallhack.org>2012-10-29 22:10:16 -0700
committerJulian Blake Kongslie <jblake@omgwallhack.org>2012-10-29 22:10:16 -0700
commitbfacca1f5e4fe3a4d90cb300c765a85d024358c9 (patch)
tree83203b402a5ef9a39a4e4b177cade422021167a1
downloadinsecuresuexec-bfacca1f5e4fe3a4d90cb300c765a85d024358c9.tar.gz
insecuresuexec-bfacca1f5e4fe3a4d90cb300c765a85d024358c9.zip
Initial commit.
-rw-r--r--.gitignore1
-rw-r--r--Makefile7
-rw-r--r--main.c58
3 files changed, 66 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b78e996
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/insecuresuexec
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..43d9995
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+insecuresuexec: main.c
+ clang -Wall -Werror -Os -o $@ $+
+
+clean:
+ rm -f insecuresuexec
+
+.PHONY: clean
diff --git a/main.c b/main.c
new file mode 100644
index 0000000..7af7c55
--- /dev/null
+++ b/main.c
@@ -0,0 +1,58 @@
+#define _GNU_SOURCE
+
+#include <assert.h>
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+int main( int argc, char *argv[] ) {
+
+ if ( argc < 4 ) {
+ fprintf( stderr, "Usage: %s user group cmd [args..]\n", argv[0] );
+ return 1;
+ };
+
+ char *user = argv[1];
+ char *group = argv[2];
+ char *cmd = argv[3];
+ char **args = argv + 3;
+
+ char *end;
+ unsigned long tmp;
+
+ struct passwd *userpw;
+ struct group *grouppw;
+
+ tmp = strtoul( user, &end, 10 );
+ if ( end != user && ! *end ) {
+ userpw = getpwuid( tmp );
+ } else {
+ userpw = getpwnam( user );
+ };
+ assert( userpw != NULL );
+
+ tmp = strtoul( group, &end, 10 );
+ if ( end != user && ! *end ) {
+ grouppw = getgrgid( tmp );
+ } else {
+ grouppw = getgrnam( group );
+ };
+ assert( grouppw != NULL );
+
+ if ( setgroups( 0, NULL ) != 0 )
+ assert_perror( errno );
+
+ if ( setregid( grouppw->gr_gid, grouppw->gr_gid ) != 0 )
+ assert_perror( errno );
+
+ if ( setreuid( userpw->pw_uid, userpw->pw_uid ) != 0 )
+ assert_perror( errno );
+
+ execv( cmd, args );
+ assert_perror( errno );
+
+}
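Review bot: The group branch, `if ( end != user && ! *end )` following `strtoul( group, &end, 10 )`, compares `end` with `user` rather than `group`, so an empty group argument is taken as numeric and resolved through `getgrgid( 0 )`; the line should read `if ( end != group && ! *end ) {`. Separately, every failure check in main (the two lookup results, setgroups, setregid, setreuid and execv) is made with assert()/assert_perror(), which expand to nothing when the file is built with NDEBUG, and in that build a failed privilege drop would fall through to execv with the caller's original credentials. The Makefile in this commit does not define NDEBUG, but a check that guards a credential change should not depend on build flags, so explicit error returns as sketched below are the safer form. The strtoul results are also handed to getpwuid/getgrgid without an ERANGE or range test, so a value wider than uid_t/gid_t may be truncated on the way in and should be rejected instead.

```c
	/* … unchanged: usage check, argv unpacking, user lookup … */
	if ( userpw == NULL ) {
		fprintf( stderr, "%s: unknown user: %s\n", argv[0], user );
		return 1;
	}

	/* … unchanged: group lookup (with the end != group fix) … */
	if ( grouppw == NULL ) {
		fprintf( stderr, "%s: unknown group: %s\n", argv[0], group );
		return 1;
	}

	/* Drop supplementary groups, then gid, then uid; stop on the first failure. */
	if ( setgroups( 0, NULL ) != 0 ) {
		perror( "setgroups" );
		return 1;
	}
	if ( setregid( grouppw->gr_gid, grouppw->gr_gid ) != 0 ) {
		perror( "setregid" );
		return 1;
	}
	if ( setreuid( userpw->pw_uid, userpw->pw_uid ) != 0 ) {
		perror( "setreuid" );
		return 1;
	}

	execv( cmd, args );
	/* Only reached when execv failed. */
	perror( "execv" );
	return 1;
```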