GIT.Harvie.CZ / mirrors / Programs.git / blame
| Commit | Line | Data |
|---|---|---|
| 8cd469f9 TM |
1 | /* |
| 2 | * SU-EXEC Wrapper | |
| 3 | * Execute script under it's owner's privileges | |
| 4 | * CopyLefted by: Harvie 2oo9 | |
| 5 | */ | |
| 6 | ||
| 7 | #include <stdio.h> | |
| 8 | #include <stdlib.h> | |
| 9 | #include <unistd.h> | |
| 10 | #include <sys/types.h> | |
| 11 | #include <sys/stat.h> | |
| 12 | #include <pwd.h> | |
| 13 | #include <grp.h> | |
| 14 | ||
| 15 | #define INTERPRETER "/usr/bin/php-cgi" | |
| 16 | //#define INTERPRETER "/usr/bin/perl" | |
| 17 | ||
| 18 | void auth_fail() { | |
| 19 | puts("Error: Permission denied!\n"); | |
| 20 | exit(-1); | |
| 21 | } | |
| 22 | ||
| 23 | int main(int argc, char **argv, char **environ) { | |
| 24 | if(argc != 2) { //Do not accept more than one argument | |
| 25 | printf( | |
| 26 | "SetUID wrapper for %s interpretter\n" | |
| 27 | "Usage: %s script\n\n", | |
| 28 | INTERPRETER, argv[0] | |
| 29 | ); | |
| 30 | return -1; | |
| 31 | } | |
| 32 | struct stat st; | |
| 33 | if(!stat(argv[1], &st)) { | |
| 34 | //Get user info | |
| 35 | struct passwd *pw; | |
| 36 | if(!(pw = getpwuid(st.st_uid))) auth_fail(); | |
| 37 | //Change groups | |
| 38 | if(initgroups(pw->pw_name, pw->pw_gid)) auth_fail(); | |
| 39 | //Change UID a GID | |
| 40 | if(setgid(pw->pw_gid)) auth_fail(); | |
| 41 | if(setegid(pw->pw_gid)) auth_fail(); | |
| 42 | if(setuid(pw->pw_uid)) auth_fail(); | |
| 43 | if(seteuid(pw->pw_uid)) auth_fail(); | |
| 44 | //Fail if still have root privileges | |
| 45 | if(getuid() == 0 || getgid() == 0) auth_fail(); | |
| 46 | //Launch binary | |
| 47 | return(execve(INTERPRETER, argv, environ)); | |
| 48 | } else { | |
| 49 | printf("Error: Can't stat file: %s\n\n", argv[1]); | |
| 50 | return -1; | |
| 51 | } | |
| 52 | } |