SETUID wrepper for git-http-backend
authorb <b@bicyclesonthemoon.info>
Thu, 8 Sep 2022 19:19:44 +0000 (19:19 +0000)
committerb <b@bicyclesonthemoon.info>
Thu, 8 Sep 2022 19:19:44 +0000 (19:19 +0000)
exec.c [new file with mode: 0644]
git-http-backend [new file with mode: 0755]
git-http-backend.c [new file with mode: 0644]
makefile [new file with mode: 0644]

diff --git a/exec.c b/exec.c
new file mode 100644 (file)
index 0000000..c747a98
--- /dev/null
+++ b/exec.c
@@ -0,0 +1,52 @@
+#include <unistd.h>
+
+#define TARGET "###TARGET;"
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r;
+       r=execve(TARGET,argv,envp);
+       return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include <unistd.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r
+       if (argc<2) {
+               fputs("Command missing.\n");
+               return 1;
+       }
+       r=execve(argv[1],argv+1,envp);
+       return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
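Review bot: `r=execve(TARGET,argv,envp);` in main passes the caller's argument vector and whole environment to the target under the wrapper's effective UID, and for a set-uid binary both are chosen by whoever runs it. A CGI program such as git-http-backend takes its configuration from the environment (for example `GIT_PROJECT_ROOT`), so it is safer to pass an allow-listed environment and to set security-relevant values in the wrapper rather than inherit them. The sketch below needs `<string.h>` and `<stdio.h>`, and its name list is a constructed example to adjust per target. It also reports an execve failure instead of silently returning -1. git-http-backend.c in this commit is the same code with TARGET substituted, so the same applies there.

```c
#define MAX_ENV 32

/* Constructed example: names the target may inherit; adjust per target. */
static const char *const env_allow[] = {
	"REQUEST_METHOD", "QUERY_STRING", "PATH_INFO",
	"CONTENT_TYPE", "CONTENT_LENGTH", "REMOTE_USER", "REMOTE_ADDR",
	NULL
};

int main(int argc, char *argv[], char *envp[])
{
	char *clean[MAX_ENV + 1];
	int n = 0;

	/* Copy only allow-listed NAME=value entries; everything else is dropped. */
	for (char **e = envp; *e != NULL && n < MAX_ENV; ++e) {
		for (const char *const *a = env_allow; *a != NULL; ++a) {
			size_t len = strlen(*a);
			if (strncmp(*e, *a, len) == 0 && (*e)[len] == '=') {
				clean[n++] = *e;
				break;
			}
		}
	}
	clean[n] = NULL;

	execve(TARGET, argv, clean);
	perror(TARGET);		/* reached only when execve fails */
	return 127;
}
```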
diff --git a/git-http-backend b/git-http-backend
new file mode 100755 (executable)
index 0000000..24d61ce
Binary files /dev/null and b/git-http-backend differ
diff --git a/git-http-backend.c b/git-http-backend.c
new file mode 100644 (file)
index 0000000..4af9c17
--- /dev/null
@@ -0,0 +1,52 @@
+#include <unistd.h>
+
+#define TARGET "/usr/lib/git-core/git-http-backend"
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r;
+       r=execve(TARGET,argv,envp);
+       return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include <unistd.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[], char *envp[])
+{
+       int r
+       if (argc<2) {
+               fputs("Command missing.\n");
+               return 1;
+       }
+       r=execve(argv[1],argv+1,envp);
+       return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
diff --git a/makefile b/makefile
new file mode 100644 (file)
index 0000000..52d5e3d
--- /dev/null
+++ b/makefile
@@ -0,0 +1,36 @@
+GIT_BACKEND_ESC = \/usr\/lib\/git-core\/git-http-backend
+
+CC=gcc
+CF=-g -Wall
+
+CP    = cp
+RM    = rm
+SED   = sed
+CHMOD = chmod
+MKDIR = mkdir
+
+OD=/botm/bin/git
+
+
+all: git-http-backend
+
+git-http-backend.c: exec.c
+       $(SED) "s/###TARGET;/$(GIT_BACKEND_ESC)/" exec.c > git-http-backend.c
+
+git-http-backend: git-http-backend.c
+       $(CC) $(CF) -o git-http-backend git-http-backend.c
+       $(CHMOD) u+s git-http-backend
+
+cpbin: git-http-backend
+       $(MKDIR) -p $(OD)
+       $(CP) git-http-backend $(OD)
+
+rmbin:
+       $rm -f $(OD)/git-http-backend
+       
+install: cpbin
+
+uninstall: rmbin
+
+clean:
+       rm -f git-http-backend git-http-backend.c
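Review bot: The set-uid bit is applied in the build tree (`$(CHMOD) u+s git-http-backend`) and `cpbin` then copies with plain `$(CP)`, so the privileged identity is whoever ran the build. GNU cp also clears set-user-ID on a newly created destination unless `-p` is given, so the installed file may not carry the bit at all. Setting owner, group and mode at install time is more predictable, e.g. `install -o OWNER -g WEBGROUP -m 4750 git-http-backend $(OD)` (OWNER and WEBGROUP are placeholders), which also stops the wrapper from being world-executable. In `rmbin`, `$rm` expands as `$(r)m`, so the recipe runs `m -f …` and fails; it should read `$(RM) -f $(OD)/git-http-backend`. `git-http-backend` and `git-http-backend.c` are build outputs committed in this same change, so make may treat them as up to date and `clean` deletes tracked files; a `.PHONY: all cpbin rmbin install uninstall clean` line is missing as well.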