From: b Date: Sat, 24 Feb 2024 22:03:53 +0000 (+0000) Subject: use exec as subproject now X-Git-Url: http://bicyclesonthemoon.info/git-projects/?a=commitdiff_plain;h=HEAD;p=botm%2Fgit use exec as subproject now --- diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..cc9761e --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "exec"] + path = exec + url = ../exec diff --git a/exec b/exec new file mode 160000 index 0000000..4cc21a9 --- /dev/null +++ b/exec @@ -0,0 +1 @@ +Subproject commit 4cc21a9192d4f85d7dcee52333e5810d8aadc109 diff --git a/exec.c b/exec.c deleted file mode 100644 index 5094091..0000000 --- a/exec.c +++ /dev/null @@ -1,62 +0,0 @@ -// 12.11.2022 -#include -#include - -#define TARGET "###TARGET;" - -int main(int argc, char *argv[], char *envp[]) -{ - uid_t euid; - gid_t egid; - int r; - euid = geteuid(); - egid = getegid(); - if ((r = setreuid(euid, euid))) - return (r = errno); - if ((r = setregid(egid, egid))) - return (r = errno); - r=execve(TARGET,argv,envp); - return r; -} - -/* -Explanation: - -You want to run some program/script with SETUID -but you don't want to set the SETUID flag of the original program -or you want to run it as a different user than owner of the program -Solution: -You insert the path into the TARGET define, -compile this file -and set the user and SETUID flag of the compiled program. - -Sidenote: - -If you ever think that it could be a good idea to extend this a little -and make a generalised SETUID launcher to run arbitrary programs -(instead of a dedicated launcher for each program) -something like this: - -#include -#include - -int main(int argc, char *argv[], char *envp[]) -{ - int r - if (argc<2) { - fputs("Command missing.\n"); - return 1; - } - r=execve(argv[1],argv+1,envp); - return r; -} - -then I have to warn you: -NO, THAT'S NOT A GOOD IDEA. -ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA. -If you compile such a program and set the SETUID flag, -then yes you will have a generalised SETUID launcher, -but also ANYONE on the computer will be able to run ANYTHING -as if they were you. -Congratulations, your password is useless. -*/ diff --git a/makefile b/makefile index ec0c3ab..8524162 100644 --- a/makefile +++ b/makefile @@ -1,3 +1,18 @@ +# Copyright (C) 2022, 2024 Balthasar Szczepański +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + GIT_BACKEND_ESC = \/usr\/lib\/git-core\/git-http-backend CC=gcc @@ -14,8 +29,8 @@ OD=/botm/bin/git all: git-http-backend -git-http-backend.c: exec.c - $(SED) "s/###TARGET;/$(GIT_BACKEND_ESC)/" exec.c > git-http-backend.c +git-http-backend.c: exec/exec.c + $(SED) "s/###EXEC_TARGET:/$(GIT_BACKEND_ESC)/" exec/exec.c > git-http-backend.c git-http-backend: git-http-backend.c $(CC) $(CF) -o git-http-backend git-http-backend.c