Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu?

Reply
Thread Tools

Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu?

 
 
bobm3@worthless.info
Guest
Posts: n/a
 
      01-13-2012
As the subject states: I'm NOT a c programmer (wish I was) and I need a
wrapper to be able to run a shell script as a different user. While the
examples I've found seem simple I need it to be able to take one or more
CLI args along with their values and include them to the called script to
execute.

Anyone willing to share/post the code for such a utility?

Thanks all (now back to regularly scheduled programming)
 
Reply With Quote
 
 
 
 
Nobody
Guest
Posts: n/a
 
      01-13-2012
On Fri, 13 Jan 2012 21:42:53 +0000, bobm3 wrote:

> As the subject states: I'm NOT a c programmer (wish I was) and I need a
> wrapper to be able to run a shell script as a different user. While the
> examples I've found seem simple I need it to be able to take one or more
> CLI args along with their values and include them to the called script to
> execute.


Use sudo; it can be configured to allow a specific user to run a specific
command with specific arguments as a specific user. It also deals with any
platform-specific quirks (which could be security holes if not handled
correctly).

Also: this is off-topic for c.l.c, as it's primarily a Unix question
rather than a C question. Even if you wrote such a tool in C, it would
be 90% Unix knowledge, 10% C knowledge.

 
Reply With Quote
 
 
 
 
M. Strobel
Guest
Posts: n/a
 
      01-13-2012
Am 13.01.2012 22:42, schrieb http://www.velocityreviews.com/forums/(E-Mail Removed):
> As the subject states: I'm NOT a c programmer (wish I was) and I need a
> wrapper to be able to run a shell script as a different user. While the
> examples I've found seem simple I need it to be able to take one or more
> CLI args along with their values and include them to the called script to
> execute.
>
> Anyone willing to share/post the code for such a utility?
>
> Thanks all (now back to regularly scheduled programming)


See the good advice by nemo.

To the C question: it is rather trivial to program, but you would have to do it
yourself to adjust the filtering.

/str.
 
Reply With Quote
 
Markus Wichmann
Guest
Posts: n/a
 
      01-15-2012
On 13.01.2012 22:42, (E-Mail Removed) wrote:
> As the subject states: I'm NOT a c programmer (wish I was) and I need a
> wrapper to be able to run a shell script as a different user. While the
> examples I've found seem simple I need it to be able to take one or more
> CLI args along with their values and include them to the called script to
> execute.
>
> Anyone willing to share/post the code for such a utility?
>
> Thanks all (now back to regularly scheduled programming)


What do you need? Will the following be enough?

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

#define SCRIPT "/usr/bin/script_or_whatever"

int main(int argc, char* argv[])
{
char **args;
int i = 1;
if (argc < 2) return 110;
if (setuid(geteuid())) { perror("setuid"); return 111; }
args = malloc(argc * sizeof *args); //Yeah, I know, no free()
//well, exec() and exit() free anyway!
if (!args) { fputs("out of memory\n", stderr); return 112; }
args[0] = SCRIPT;
for (; i < argc; i++) args[i] = argv[i];
execvp(args[0], args);
perror("exec"); return 112;
}

This sets the real UID to the EUID and execs the argument. The
traditional approach to limiting its use is to install it as owner:group
= what you need:something new, file mode 4750 (rwsr-x---), than add each
user that may execute that file to the newly created group. In the long
run that leads to a _ton_ of groups and no-one having any real clue as
to what's what.

You can maximize security here by linking the above file statically
(leading to less code executed with elevated privileges). If you only
want a few more privileges, you could possibly go for file capabilities.

OTOH: What do you really want to do?

HTH,
Markus
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Share-Point-2010 ,Share-Point -2010 Training , Share-point-2010Hyderabad , Share-point-2010 Institute Saraswati lakki ASP .Net 0 01-06-2012 06:39 AM
suid/sudo in python rustom Python 0 03-30-2009 06:35 AM
execute a shell script in a shell script moongeegee Perl Misc 2 12-04-2007 12:18 AM
SUID script?? richardrothwell@gmail.com Perl Misc 1 11-07-2006 09:44 PM
Re: suid Python script Jeff Epler Python 0 08-24-2003 07:54 PM



Advertisments