exec template

diff --git a/exec.c b/exec.c
new file mode 100644 (file)
index 0000000..79490e6
--- /dev/null
+++ b/exec.c
@@ -0,0 +1,52 @@
+#include <unistd.h>
+
+#define TARGET "/path/to/exec" /* replace with actual target */
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r
+       r=execve(TARGET,argv,envp);
+       return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include <unistd.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r
+       if (argc<2) {
+               fputs("Command missing.\n");
+               return 1;
+       }
+       r=execve(argv[1],argv+1,envp);
+       return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/