From ec82e9e4177bc3329735e9b1efa3bcd031eda048 Mon Sep 17 00:00:00 2001
From: b
Date: Tue, 6 Dec 2022 21:53:02 +0000
Subject: [PATCH] Add setreuid/gid for pull disguise
---
 exec.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
diff --git a/exec.c b/exec.c
index 79490e6..bd6876a 100644
--- a/exec.c
+++ b/exec.c
@@ -1,7 +1,65 @@
+// 12.11.2022
 #include
+#include
 #define TARGET "/path/to/exec" /* replace with actual target */
+int main(int argc, char *argv[], char *envp[])
+{
+ uid_t euid;
+ gid_t egid;
+ int r;
+ euid = geteuid();
+ egid = getegid();
+ if ((r = setreuid(euid, euid)))
+ return (r = errno);
+ if ((r = setregid(egid, egid)))
+ return (r = errno);
+ r=execve(TARGET,argv,envp);
+ return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include
+#include
+
+int main(int argc, char *argv[], char *envp[])
+{
+ int r
+ if (argc<2) {
+ fputs("Command missing.\n");
+ return 1;
+ }
+ r=execve(argv[1],argv+1,envp);
+ return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
 int main(int argc, char *argv[], char *envp[])
 {
 int r
--
2.30.2
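Review bot: The added `main` hands the caller's `envp` to `execve` unchanged, right after `setreuid(euid, euid)` has made the real and effective user IDs equal. TARGET then no longer looks like a set-user-ID process to the dynamic loader or to a shell interpreter, so loader and search-path variables chosen by the invoking user are honoured with the file owner's privileges. Pass a fixed minimal environment instead, for example `static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };` and `r = execve(TARGET, argv, clean_env);` (the PATH value is a sample to adapt). It is also safer to call `setregid` before `setreuid`, since a non-root effective UID may not be allowed to change group IDs afterwards, and note that the caller's supplementary groups are left untouched here. As shown, the hunk keeps the old `int main` as context right after the added comment's closing `*/`, which looks like it leaves two definitions of `main` in exec.c; worth confirming against the full file.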