From: Tomas Mudrunka Date: Thu, 17 Oct 2013 01:24:16 +0000 (+0200) Subject: Added php-cgi-su wrapper X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=8cd469f9789bfc99b2f1e444a64a56218d6a1dd0;p=mirrors%2FPrograms.git Added php-cgi-su wrapper --- diff --git a/c/php-cgi-su.c b/c/php-cgi-su.c new file mode 100644 index 0000000..c62f565 --- /dev/null +++ b/c/php-cgi-su.c @@ -0,0 +1,52 @@ +/* + * SU-EXEC Wrapper + * Execute script under it's owner's privileges + * CopyLefted by: Harvie 2oo9 +*/ + +#include +#include +#include +#include +#include +#include +#include + +#define INTERPRETER "/usr/bin/php-cgi" +//#define INTERPRETER "/usr/bin/perl" + +void auth_fail() { + puts("Error: Permission denied!\n"); + exit(-1); +} + +int main(int argc, char **argv, char **environ) { + if(argc != 2) { //Do not accept more than one argument + printf( + "SetUID wrapper for %s interpretter\n" + "Usage: %s script\n\n", + INTERPRETER, argv[0] + ); + return -1; + } + struct stat st; + if(!stat(argv[1], &st)) { + //Get user info + struct passwd *pw; + if(!(pw = getpwuid(st.st_uid))) auth_fail(); + //Change groups + if(initgroups(pw->pw_name, pw->pw_gid)) auth_fail(); + //Change UID a GID + if(setgid(pw->pw_gid)) auth_fail(); + if(setegid(pw->pw_gid)) auth_fail(); + if(setuid(pw->pw_uid)) auth_fail(); + if(seteuid(pw->pw_uid)) auth_fail(); + //Fail if still have root privileges + if(getuid() == 0 || getgid() == 0) auth_fail(); + //Launch binary + return(execve(INTERPRETER, argv, environ)); + } else { + printf("Error: Can't stat file: %s\n\n", argv[1]); + return -1; + } +}