-// 12.11.2022
-#include <unistd.h>
-#include <errno.h>
-
-#define TARGET "###TARGET;"
-
-int main(int argc, char *argv[], char *envp[])
-{
- uid_t euid;
- gid_t egid;
- int r;
- euid = geteuid();
- egid = getegid();
- if ((r = setreuid(euid, euid)))
- return (r = errno);
- if ((r = setregid(egid, egid)))
- return (r = errno);
- r=execve(TARGET,argv,envp);
- return r;
-}
-
-/*
-Explanation:
-
-You want to run some program/script with SETUID
-but you don't want to set the SETUID flag of the original program
-or you want to run it as a different user than owner of the program
-Solution:
-You insert the path into the TARGET define,
-compile this file
-and set the user and SETUID flag of the compiled program.
-
-Sidenote:
-
-If you ever think that it could be a good idea to extend this a little
-and make a generalised SETUID launcher to run arbitrary programs
-(instead of a dedicated launcher for each program)
-something like this:
-
-#include <unistd.h>
-#include <stdio.h>
-
-int main(int argc, char *argv[], char *envp[])
-{
- int r
- if (argc<2) {
- fputs("Command missing.\n");
- return 1;
- }
- r=execve(argv[1],argv+1,envp);
- return r;
-}
-
-then I have to warn you:
-NO, THAT'S NOT A GOOD IDEA.
-ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
-If you compile such a program and set the SETUID flag,
-then yes you will have a generalised SETUID launcher,
-but also ANYONE on the computer will be able to run ANYTHING
-as if they were you.
-Congratulations, your password is useless.
-*/