Added php-cgi-su wrapper
authorTomas Mudrunka <tomas@mudrunka.cz>
Thu, 17 Oct 2013 01:24:16 +0000 (03:24 +0200)
committerTomas Mudrunka <tomas@mudrunka.cz>
Thu, 17 Oct 2013 01:24:16 +0000 (03:24 +0200)
c/php-cgi-su.c [new file with mode: 0644]

diff --git a/c/php-cgi-su.c b/c/php-cgi-su.c
new file mode 100644 (file)
index 0000000..c62f565
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ * SU-EXEC Wrapper
+ * Execute script under it's owner's privileges
+ * CopyLefted by: Harvie 2oo9
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
+
+#define INTERPRETER "/usr/bin/php-cgi"
+//#define INTERPRETER "/usr/bin/perl"
+
+void auth_fail() {
+       puts("Error: Permission denied!\n");
+       exit(-1);
+}
+
+int main(int argc, char **argv, char **environ) {
+       if(argc != 2) { //Do not accept more than one argument
+               printf(
+                       "SetUID wrapper for %s interpretter\n"
+                       "Usage: %s script\n\n",
+                       INTERPRETER, argv[0]
+               );
+               return -1;
+       }
+       struct stat st;
+       if(!stat(argv[1], &st)) {
+               //Get user info
+                       struct passwd *pw;
+                       if(!(pw = getpwuid(st.st_uid))) auth_fail();
+               //Change groups
+                       if(initgroups(pw->pw_name, pw->pw_gid)) auth_fail();
+               //Change UID a GID
+                       if(setgid(pw->pw_gid)) auth_fail();
+                       if(setegid(pw->pw_gid)) auth_fail();
+                       if(setuid(pw->pw_uid)) auth_fail();
+                       if(seteuid(pw->pw_uid)) auth_fail();
+               //Fail if still have root privileges
+                       if(getuid() == 0 || getgid() == 0) auth_fail();
+               //Launch binary
+                       return(execve(INTERPRETER, argv, environ));
+       } else {
+               printf("Error: Can't stat file: %s\n\n", argv[1]);
+               return -1;
+       }
+}
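Review bot: The ownership check in main() uses `stat(argv[1], &st)`, which follows symlinks and accepts any file type, and the interpreter later resolves the same path again, so the uid the wrapper switches to is not guaranteed to belong to the file that actually gets run. At minimum the condition could become `if(!lstat(argv[1], &st) && S_ISREG(st.st_mode)) {`; fully closing the gap between check and use would need the file opened once and checked with fstat(), which is a larger change. The `execve(INTERPRETER, argv, environ)` call also hands the caller's environment and argv[0] unchanged to a process that now runs as the file owner. Assuming the binary is installed setuid root, as the usage text suggests, the environment should be reduced to the variables the CGI interface needs. There is also no lower bound on `pw->pw_uid`: only uid/gid 0 is refused after the switch, so files owned by system accounts are still accepted.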