From 9737ce18195debe4293c721dcd74c3828bb8dbf1 Mon Sep 17 00:00:00 2001
From: b <b@bicyclesonthemoon.info>
Date: Thu, 8 Sep 2022 18:12:23 +0000
Subject: [PATCH 1/1] exec template

---
 exec.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 exec.c

diff --git a/exec.c b/exec.c
new file mode 100644
index 0000000..79490e6
--- /dev/null
+++ b/exec.c
@@ -0,0 +1,52 @@
+#include <unistd.h>
+
+#define TARGET "/path/to/exec" /* replace with actual target */
+
+int main(int argc, char *argv[], char *envp[])
+{
+	int r
+	r=execve(TARGET,argv,envp);
+	return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include <unistd.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[], char *envp[])
+{
+	int r
+	if (argc<2) {
+		fputs("Command missing.\n");
+		return 1;
+	}
+	r=execve(argv[1],argv+1,envp);
+	return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
-- 
2.30.2