[TriLUG] Help with setuid C wrapper script

Sun Oct 10 09:30:18 EDT 2010

Why use C when sudo is designed for just that? 

--
Clay Stuckey
(843) 469-5467
cstuckey at govsg.com
claystuckey at gmail.com

On Oct 10, 2010, at 9:04 AM, "Ron Kelley" <rkelleyrtp at gmail.com> wrote:

> Greetings all,
> 
> I need to allow a non-root user to run a couple of system commands and would like to use a setuid C wrapper binary.  I have searched over the 'net and have found the following sample code.  Unfortunately, I get segmentation faults if no command arguments are passed in.   Since I am not a C programmer, I was hoping someone could help me fine-tune the utility.  
> 
> For some reason, this code requires the "-v" CLI argument.  I would prefer to just pass in the necessary arguments without the "-v".  In addition, if no arguments (or, unknown/invalid args) are passed in, I want the utility to exit immediately.  I want the ability to add additional commands in the future, so I need it to be flexible enough to parse the args instead of writing a single wrapper per external command.
> 
> Example:
> 
> #> wrapper my_command
> <runs the "my_command" command>
> 
> #> wrapper another_command
> <runs the "another_command" command>
> 
> #> wrapper 
> <exits immediately>
> 
> #> wrapper -h
> <exits immediately - no error output>
> 
> 
> ---------------------------------------------------------------------------------------------------------------------------------------
> #include <stdio.h>
> #include <sys/types.h>
> #include <unistd.h>
> #include <signal.h>
> #include <strings.h>
> #include <stdlib.h>
> 
> /********************************************
> * Inspired by: 
> * http://linuxshellaccount.blogspot.com/2007/12/securing-suid-programs-using-simple-c.html *
> ********************************************/
> 
> /* Define global variables */
> 
> int gid;
> 
> /* main(int argc, char **argv) - main process loop */
> 
> int main(int argc, char **argv)
> {
> 
>   /* Set uid, gid, euid and egid to root */
> 
>   setegid(0);
>   seteuid(0);
>   setgid(0);
>   setuid(0);
> 
>   if ( strncmp(argv[1], "my_command", 11) == 0 ) {
>      if (execl("/usr/local/bin/my_command", "my_command", "-v", NULL) < 0) {
>         perror("Execl:");
>      }
>   } else if ( strncmp(argv[1], "another_command", 15) == 0 ) {
>      if (execl("/usr/local/bin/another_command", "another_command", "-v", NULL) < 0) {
>         perror("Execl:");
>   }
>   } else {
>   exit (1);
>   }
> exit (0);
> }
> ---------------------------------------------------------------------------------------------------------------------------------------
> 
> 
> 
> 
> 
> Thanks for any help,
> 
> -Ron
> -- 
> This message was sent to: Clay Stuckey <cstuckey at govsg.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web    : http://www.trilug.org/mailman/options/trilug/cstuckey%40govsg.com
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions