Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu?

Discussion in 'C Programming' started by bobm3@worthless.info, Jan 13, 2012.

  1. Guest

    As the subject states: I'm NOT a c programmer (wish I was) and I need a
    wrapper to be able to run a shell script as a different user. While the
    examples I've found seem simple I need it to be able to take one or more
    CLI args along with their values and include them to the called script to
    execute.

    Anyone willing to share/post the code for such a utility?

    Thanks all (now back to regularly scheduled programming)
    , Jan 13, 2012
    #1
    1. Advertising

  2. Nobody Guest

    Re: Anyone willing to share an SUID wrapper program to take/pass arguments to a shell script on Unbuntu?

    On Fri, 13 Jan 2012 21:42:53 +0000, bobm3 wrote:

    > As the subject states: I'm NOT a c programmer (wish I was) and I need a
    > wrapper to be able to run a shell script as a different user. While the
    > examples I've found seem simple I need it to be able to take one or more
    > CLI args along with their values and include them to the called script to
    > execute.


    Use sudo; it can be configured to allow a specific user to run a specific
    command with specific arguments as a specific user. It also deals with any
    platform-specific quirks (which could be security holes if not handled
    correctly).

    Also: this is off-topic for c.l.c, as it's primarily a Unix question
    rather than a C question. Even if you wrote such a tool in C, it would
    be 90% Unix knowledge, 10% C knowledge.
    Nobody, Jan 13, 2012
    #2
    1. Advertising

  3. M. Strobel Guest

    Am 13.01.2012 22:42, schrieb :
    > As the subject states: I'm NOT a c programmer (wish I was) and I need a
    > wrapper to be able to run a shell script as a different user. While the
    > examples I've found seem simple I need it to be able to take one or more
    > CLI args along with their values and include them to the called script to
    > execute.
    >
    > Anyone willing to share/post the code for such a utility?
    >
    > Thanks all (now back to regularly scheduled programming)


    See the good advice by nemo.

    To the C question: it is rather trivial to program, but you would have to do it
    yourself to adjust the filtering.

    /str.
    M. Strobel, Jan 13, 2012
    #3
  4. On 13.01.2012 22:42, wrote:
    > As the subject states: I'm NOT a c programmer (wish I was) and I need a
    > wrapper to be able to run a shell script as a different user. While the
    > examples I've found seem simple I need it to be able to take one or more
    > CLI args along with their values and include them to the called script to
    > execute.
    >
    > Anyone willing to share/post the code for such a utility?
    >
    > Thanks all (now back to regularly scheduled programming)


    What do you need? Will the following be enough?

    #include <sys/types.h>
    #include <unistd.h>
    #include <stdio.h>
    #include <stdlib.h>

    #define SCRIPT "/usr/bin/script_or_whatever"

    int main(int argc, char* argv[])
    {
    char **args;
    int i = 1;
    if (argc < 2) return 110;
    if (setuid(geteuid())) { perror("setuid"); return 111; }
    args = malloc(argc * sizeof *args); //Yeah, I know, no free()
    //well, exec() and exit() free anyway!
    if (!args) { fputs("out of memory\n", stderr); return 112; }
    args[0] = SCRIPT;
    for (; i < argc; i++) args = argv;
    execvp(args[0], args);
    perror("exec"); return 112;
    }

    This sets the real UID to the EUID and execs the argument. The
    traditional approach to limiting its use is to install it as owner:group
    = what you need:something new, file mode 4750 (rwsr-x---), than add each
    user that may execute that file to the newly created group. In the long
    run that leads to a _ton_ of groups and no-one having any real clue as
    to what's what.

    You can maximize security here by linking the above file statically
    (leading to less code executed with elevated privileges). If you only
    want a few more privileges, you could possibly go for file capabilities.

    OTOH: What do you really want to do?

    HTH,
    Markus
    Markus Wichmann, Jan 15, 2012
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff Epler

    Re: suid Python script

    Jeff Epler, Aug 24, 2003, in forum: Python
    Replies:
    0
    Views:
    427
    Jeff Epler
    Aug 24, 2003
  2. Saraswati lakki
    Replies:
    0
    Views:
    1,283
    Saraswati lakki
    Jan 6, 2012
  3. Replies:
    4
    Views:
    99
    Giles Bowkett
    Feb 9, 2007
  4. SUID script??

    , Nov 7, 2006, in forum: Perl Misc
    Replies:
    1
    Views:
    133
    Gunnar Hjalmarsson
    Nov 7, 2006
  5. buck
    Replies:
    10
    Views:
    167
    Uri Guttman
    Feb 18, 2010
Loading...

Share This Page