Initial commit
This commit is contained in:
commit
cc30732c4c
|
@ -0,0 +1 @@
|
|||
/usuid
|
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e
|
||||
gcc src/main.c -o "usuid" -Os -Werror -Wall
|
||||
sudo chown root "usuid.usuid"
|
||||
sudo chmod 755 "usuid.usuid"
|
||||
sudo chown root "usuid"
|
||||
sudo chmod 755 "usuid"
|
||||
sudo chmod u+s "usuid"
|
|
@ -0,0 +1,59 @@
|
|||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <linux/limits.h>
|
||||
#include <errno.h>
|
||||
|
||||
void *emalloc(void *ptr, size_t size) {
|
||||
void *m = realloc(ptr,size);
|
||||
if (m == NULL) {
|
||||
fprintf(stderr,"[usuid] error 255: malloc failed\n");
|
||||
exit(255);
|
||||
}
|
||||
return m;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
extern char **environ;
|
||||
environ = NULL; // Clear environment to boost security
|
||||
int uid = getuid(); // User who's calling the program
|
||||
int euid = geteuid(); // User who owns the program
|
||||
|
||||
// Strip first argument, and move them by 1
|
||||
char **cmd;
|
||||
if (argc > 1) {
|
||||
cmd = emalloc(NULL,(argc + 1) * sizeof(char*));
|
||||
int i = 1;
|
||||
while (i < argc) {
|
||||
cmd[i] = argv[i];
|
||||
++i;
|
||||
}
|
||||
} else {
|
||||
cmd = emalloc(NULL,sizeof(char*) * 2);
|
||||
}
|
||||
cmd[argc] = NULL;
|
||||
|
||||
// Get current program name
|
||||
cmd[0] = emalloc(NULL,PATH_MAX);
|
||||
setuid(euid);
|
||||
ssize_t length = readlink("/proc/self/exe",cmd[0],PATH_MAX);
|
||||
setuid(uid);
|
||||
if (length == -1) {
|
||||
fprintf(stderr,"[usuid] error 254: Could not get own program name (/proc/self/exe)\n");
|
||||
return 254;
|
||||
}
|
||||
|
||||
// Get new program name
|
||||
strcat(cmd[0],".usuid");
|
||||
cmd[0] = emalloc(cmd[0],length + (sizeof(char) * 7)); // Why do I have to put 7 for it to work? 6 should be sufficient? Null terminator? Lé C memory corruption? Yummy?
|
||||
|
||||
// Run program
|
||||
setuid(euid);
|
||||
if (execv(cmd[0],cmd) == -1) {
|
||||
// Handle errors
|
||||
setuid(uid);
|
||||
fprintf(stderr,"[usuid] error %d: %s\n",253 - errno,strerror(errno));
|
||||
return 253 - errno;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env lua5.3
|
||||
print("i am root\n\narguments:")
|
||||
for i,a in ipairs(arg) do
|
||||
print("* " ..a)
|
||||
end
|
Loading…
Reference in New Issue