[TriLUG] Help with setuid C wrapper script
Bill Farrow
bill at arrowsreach.com
Mon Oct 11 09:15:18 EDT 2010
Hey Ron,
I have written setuid wrappers in C before.
Have you changed the permissions on the compiled wrapper util to
enable the setuid ?
chmod a+s /usr/bin/my_wrapper
ls -l /usr/bin/my_wrapper
-rwsr-sr-x 1 root root 13341 Apr 21 12:08 /usr/bin/my_wrapper
/* Check for errors. This makes it much easier to fix when broken.
Do this for each of the calls. */
if (setuid(0)) {
fprintf(stderr, "\nFailed to gain root privileges\n");
return -1;
}
Bill
> #include <stdio.h>
> #include <sys/types.h>
> #include <unistd.h>
> #include <signal.h>
> #include <strings.h>
> #include <stdlib.h>
>
> /********************************************
> * Inspired by:
> * http://linuxshellaccount.blogspot.com/2007/12/securing-suid-programs-using-simple-c.html *
> ********************************************/
>
> /* Define global variables */
>
> int gid;
>
> /* main(int argc, char **argv) - main process loop */
>
> int main(int argc, char **argv)
> {
>
> /* Set uid, gid, euid and egid to root */
>
> setegid(0);
> seteuid(0);
> setgid(0);
> setuid(0);
>
> if ( strncmp(argv[1], "my_command", 11) == 0 ) {
> if (execl("/usr/local/bin/my_command", "my_command", "-v", NULL) < 0) {
> perror("Execl:");
> }
> } else if ( strncmp(argv[1], "another_command", 15) == 0 ) {
> if (execl("/usr/local/bin/another_command", "another_command", "-v", NULL) < 0) {
> perror("Execl:");
> }
> } else {
> exit (1);
> }
> exit (0);
> }
>
More information about the TriLUG
mailing list