From 8cd469f9789bfc99b2f1e444a64a56218d6a1dd0 Mon Sep 17 00:00:00 2001
From: Tomas Mudrunka
Date: Thu, 17 Oct 2013 03:24:16 +0200
Subject: [PATCH] Added php-cgi-su wrapper
---
c/php-cgi-su.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 c/php-cgi-su.c
diff --git a/c/php-cgi-su.c b/c/php-cgi-su.c
new file mode 100644
index 0000000..c62f565
--- /dev/null
+++ b/c/php-cgi-su.c
@@ -0,0 +1,52 @@
+/*
+ * SU-EXEC Wrapper
+ * Execute script under it's owner's privileges
+ * CopyLefted by: Harvie 2oo9
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define INTERPRETER "/usr/bin/php-cgi"
+//#define INTERPRETER "/usr/bin/perl"
+
+void auth_fail() {
+ puts("Error: Permission denied!\n");
+ exit(-1);
+}
+
+int main(int argc, char **argv, char **environ) {
+ if(argc != 2) { //Do not accept more than one argument
+ printf(
+ "SetUID wrapper for %s interpretter\n"
+ "Usage: %s script\n\n",
+ INTERPRETER, argv[0]
+ );
+ return -1;
+ }
+ struct stat st;
+ if(!stat(argv[1], &st)) {
+ //Get user info
+ struct passwd *pw;
+ if(!(pw = getpwuid(st.st_uid))) auth_fail();
+ //Change groups
+ if(initgroups(pw->pw_name, pw->pw_gid)) auth_fail();
+ //Change UID a GID
+ if(setgid(pw->pw_gid)) auth_fail();
+ if(setegid(pw->pw_gid)) auth_fail();
+ if(setuid(pw->pw_uid)) auth_fail();
+ if(seteuid(pw->pw_uid)) auth_fail();
+ //Fail if still have root privileges
+ if(getuid() == 0 || getgid() == 0) auth_fail();
+ //Launch binary
+ return(execve(INTERPRETER, argv, environ));
+ } else {
+ printf("Error: Can't stat file: %s\n\n", argv[1]);
+ return -1;
+ }
+}
-- 2.30.2
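Review bot: `execve(INTERPRETER, argv, environ)` at the end of `main` hands the caller's environment unchanged to an interpreter that by then runs with the script owner's identity, so loader and PHP configuration variables are chosen by whoever invoked the wrapper; an allow-listed `envp` should be passed instead. The target is also accepted on `stat()` success alone: nothing checks that it is a regular file, that group/other cannot write to it, or that its owner is above a minimum UID (only UID/GID 0 is rejected, and only after the switch), and the interpreter reopens `argv[1]` by path after the check, which leaves a window in which the file can be replaced. Presumably the binary is installed setuid root, in which case nothing here limits which local account may call it; comparing `getuid()` with the web server account before any other work would narrow that. The sketch below shows the target checks and the filtered environment; the variable list is an example to adjust to the server, and `strncmp`/`strlen` need `<string.h>` if it is not already among the includes, whose names are not visible on this page.

```c
//Environment prefixes the interpreter may inherit (example list, adjust to the server)
static const char *const env_allow[] = {
	"CONTENT_LENGTH=", "CONTENT_TYPE=", "GATEWAY_INTERFACE=", "QUERY_STRING=",
	"REDIRECT_STATUS=", "REQUEST_METHOD=", "SCRIPT_FILENAME=", "SERVER_PROTOCOL=",
	NULL
};

int main(int argc, char **argv, char **environ) {
	// … unchanged: argument count check and usage text …
	struct stat st;
	if(!stat(argv[1], &st)) {
		//Only a regular file that nobody but its owner can modify
		if(!S_ISREG(st.st_mode) || (st.st_mode & (S_IWGRP | S_IWOTH))) auth_fail();
		//Reject root-owned targets before switching identity
		if(st.st_uid == 0) auth_fail();
		// … unchanged: getpwuid, initgroups, setgid/setuid calls, root check …
		//Copy only allow-listed variables into the new environment
		char *clean_env[64];
		size_t kept = 0;
		for(char **e = environ; *e && kept < 63; e++) {
			for(size_t i = 0; env_allow[i]; i++) {
				if(!strncmp(*e, env_allow[i], strlen(env_allow[i]))) {
					clean_env[kept++] = *e;
					break;
				}
			}
		}
		clean_env[kept] = NULL;
		//Launch binary
		return(execve(INTERPRETER, argv, clean_env));
	// … unchanged: else branch reporting the stat failure …
```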