From f4c1d238cf945c2bfb7b5e64e6d8ef84baff977f Mon Sep 17 00:00:00 2001
From: b
Date: Thu, 8 Sep 2022 19:19:44 +0000
Subject: [PATCH 1/1] SETUID wrepper for git-http-backend
---
exec.c | 52 +++++++++++++++++++++++++++++++++++++++++++++
git-http-backend | Bin 0 -> 9372 bytes
git-http-backend.c | 52 +++++++++++++++++++++++++++++++++++++++++++++
makefile | 36 +++++++++++++++++++++++++++++++
4 files changed, 140 insertions(+)
create mode 100644 exec.c
create mode 100755 git-http-backend
create mode 100644 git-http-backend.c
create mode 100644 makefile
diff --git a/exec.c b/exec.c
new file mode 100644
index 0000000..c747a98
--- /dev/null
+++ b/exec.c
@@ -0,0 +1,52 @@
+#include
+
+#define TARGET "###TARGET;"
+
+int main(int argc, char *argv[], char *envp[])
+{
+ int r;
+ r=execve(TARGET,argv,envp);
+ return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include
+#include
+
+int main(int argc, char *argv[], char *envp[])
+{
+ int r
+ if (argc<2) {
+ fputs("Command missing.\n");
+ return 1;
+ }
+ r=execve(argv[1],argv+1,envp);
+ return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
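Review bot: `execve(TARGET,argv,envp)` hands the caller's argument vector and entire environment to the target unchanged, so once the set-user-ID bit is applied, every variable the privileged process reads is chosen by whoever ran the wrapper. git-http-backend takes its configuration from CGI environment variables (its repository root among them), which makes the environment the real trust boundary here; the same line is repeated in the generated git-http-backend.c. The wrapper should build its own arrays, e.g. `char *const clean_argv[] = { TARGET, NULL };`, plus an environment that pins the repository root and copies only an explicit allowlist of request variables from `envp`. A failed `execve` is also silent at present; `perror(TARGET); return 127;` after the call would report the reason on stderr. The explanatory comment could also state that only the effective UID changes across this exec while the real UID stays the caller's, since the target may behave differently when the two differ.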
diff --git a/git-http-backend b/git-http-backend new file mode 100755 index 0000000000000000000000000000000000000000..24d61ce893182381becf6949ec9b1f151d3da778 GIT binary patch literal 9372 zcmeHNYiwM_6`s2af>P0^*UHdNRtxVn{^z=NgF~{XvNLl-D~eQ`|9qs zu@hRNf=XH;5HukA5Tq(XR6=Sag{r6ti3I91ZA0Nls}=}U5l~tsm4H~hw%<2%$G&#m z3aS0kA3pNgGiS~>XXehGd+wRJzJ2SCq+u9BlV5ZQY9IK8=!R^+0zUx}>=qGG58G<7 ziuUs9kPw=~fRF<&!zA0XJvo8~WNn9Qu?M>5<J%%#yniHreYujheIT@(`LTuj(-VM9A|4G!5*`DL? z%;!>_`AjsQD~^swtx6#~9IKXM*TN(*OCUK1{X1_IE5G&i)Atv4K36)tt3Pr4@E_}z zKKl&)upjy&hD1ECi^O`(vf@Ad9AQI{Uo=R$sg*6MFB8qOq<&UG^m+6M%9nZcMJSsd zJ%VzbN2k5$(IY6Uo>V36!b+7YjlWs~o*^@1SL~5o)v+skhWhfQqP@pT<>_IhP%63}Oa+}2s7A!u zoMx`7PSkMTNlS9MCfcu4s$6H6pxlV{L>a+6QpR1`?aD2#Y=>Nmx$mIF4P8Tt1+;+@ z4@)EDGT2)wv9Om=!rn%SiM^Dv9&3C{^o@@T@n-noiPr;Xqvrx=A34{2_TIDM3s0X* zG-8H-cJHgLzqGCE|x!Y4-<0-eJyz7E!05|)Ne=!+2W*mEYvi(T-``=Ey zJQ+E4^JL?xp~=8+LW4I?`s1N(H)Da?cz)4Pd6AM!fOZf`Cbx#E$X_n6bs8_$YJYtK*fqd}w$%;RZ68k@NbFDC(d$1G9DM$B{-bUE<$iJU z_rRP1e*@eBYIjYrySjcMIfh@UyRplLw#t+KpB^!4(4joEPn;iH`Qz3FX9Al=`;C)<>$fL+k{gmn_e1@U^}h4miPtCZ5GS9lH^gx;ubcOl z_mvTABYbWKFK{Kom()2%)~|IXS1fhLLdwOi#A20tqbpata-l1+hNPX(B-?TAQZjB+ zVyQ_9A*pk;T9I*VB|b1!hItH1qW zt#k~HnV02}q#>0Tr=c^SI|SzLi+hWuU=m!TLhV(V^KwtfT#b3zIE*ZJKyu&oX)yCV z=4$WNY9$swgbc%8gXEYmK)!{3--Tq~AC*In(FB5UJoyW(A4anZvZ*0QZsP8hu8;QDBf2ra1V2^;mk1%X9@ z#l{k2sd0(F%~)=%@Lg)GGB~@;c-5R^#?do(6Piw=z`KE8V+_BI+zN22yg;839z>PT zS9c3Vpzazam=gPp(2%qRUxM%lg1Mq2d|`QkzHr@@5*ef#2z-f(5#A$}efSNs#s~&? 
zLFf*R?}l!Ywau*c-Iou&F4Yy|Qq6|A={ABLO3l<&gi#k#PzQ#E#>bi$H~5=ZHZL?5 zg<7#1eC?v4;Zvx>@Z2KSL7)Y-1Gv&)%(#BJzjo z#j&#JOqHBMXSI^%mcs)WEmm_QMLQEAa*n}G+0$98BCN_tT2!+*aEMG9*iarV;8Z2j z*R_835{*O)!}*fsM6pIU!%2n}<OEjBgIkF zSe0~kGfsQP)<>;thRc!Yh}%EA#c;Sl=Omtkk^D0HsB6)Bs~7UHilV`zn~27m)P)yydZPfSv1$9(W>1 zf6NOMEfxtBwQk_m#PO-u3lU9XAMDIMNZLR13`L8?tte{UKsG@CdOb5+cu+%8uh&!C z)cRvPvHa~wsDay-X9I@k9p zj~+sM=0FUgi*Ub|xv`Y(SAjb{dIWkAx_V^V>-*J;`(;7j=B_vDH_fmw6Rpto z^R>v=EcVXAGq=?KTj75Kx+X@;2RwQN`lHbG`d;W;CXPa9yx*2&#HLtD+QI};{8#LR4;5oY41ojpSXeKRfc%a1VockJrz*ZlwxbnmyLEg$v!P^wy;{yb!7EXRT;R^m8Y4wO|2p}U;^9_8(2 z)|VzTQ!SZUtC-U$BMfg+FsVK{sU8&|u#TkkTTgA>3uL|Y7BVzIbV~#zJGM5`nB{}P{p4~$+dpwsJ z7co1l)|!H=Wv1Y|45wBhmqv#rI8qKUSt5o-UclNF(w*fvm0W7n!6OmN*s0MGG`ET) z(`v3bT$(baQWbklYxq!W>#|(;TEWaACVf<5cF5NcLfnjR+qyk%q}5<%;>49vNp443 zlTI(zp+e)BBa$N;1gUWel;6R=pZ<;kLvBMEVOJ7y*~bueM3HkvL-Z>#O*ZCABf`~gUoXb-7o9O+$;0Ef@SVK$Ptv;FMY9J(ta>^AjEY5 zLuUS}{Sn6<%N=0idciy^A$Oom9M4xY?rxOnpZzcgAgdhH@N3v=NuEq+>HNw!Mu=lB>Lj@ z{~65j5hrsrEVfN7yF?uM6|lxJ*VzQzT=VxDaIB|4<{Sy&*j^KTkp2c{IZg#c+*PV5 ze`zDX4Ti6>ti;bg;I7pQr1pmskf}1w4+9rr!6l7bG7I-KaA!0KQsW}CaQEQwk4H&c32`MVJ`bip lT$+3)<-J9jbOeW_aZd$(kuYqv2Bd~L!M1s~Hlj`!{|UR?B5?o! literal 0 HcmV?d00001 diff --git a/git-http-backend.c b/git-http-backend.c new file mode 100644 index 0000000..4af9c17 --- /dev/null +++ b/git-http-backend.c 
@@ -0,0 +1,52 @@
+#include
+
+#define TARGET "/usr/lib/git-core/git-http-backend"
+
+int main(int argc, char *argv[], char *envp[])
+{
+ int r;
+ r=execve(TARGET,argv,envp);
+ return r;
+}
+
+/*
+Explanation:
+
+You want to run some program/script with SETUID
+but you don't want to set the SETUID flag of the original program
+or you want to run it as a different user than owner of the program
+Solution:
+You insert the path into the TARGET define,
+compile this file
+and set the user and SETUID flag of the compiled program.
+
+Sidenote:
+
+If you ever think that it could be a good idea to extend this a little
+and make a generalised SETUID launcher to run arbitrary programs
+(instead of a dedicated launcher for each program)
+something like this:
+
+#include
+#include
+
+int main(int argc, char *argv[], char *envp[])
+{
+ int r
+ if (argc<2) {
+ fputs("Command missing.\n");
+ return 1;
+ }
+ r=execve(argv[1],argv+1,envp);
+ return r;
+}
+
+then I have to warn you:
+NO, THAT'S NOT A GOOD IDEA.
+ACTUALLY, IT'S AN INCREDIBLY STUPID IDEA.
+If you compile such a program and set the SETUID flag,
+then yes you will have a generalised SETUID launcher,
+but also ANYONE on the computer will be able to run ANYTHING
+as if they were you.
+Congratulations, your password is useless.
+*/
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..52d5e3d
--- /dev/null
+++ b/makefile
@@ -0,0 +1,36 @@
+GIT_BACKEND_ESC = \/usr\/lib\/git-core\/git-http-backend
+
+CC=gcc
+CF=-g -Wall
+
+CP = cp
+RM = rm
+SED = sed
+CHMOD = chmod
+MKDIR = mkdir
+
+OD=/botm/bin/git
+
+
+all: git-http-backend
+
+git-http-backend.c: exec.c
+ $(SED) "s/###TARGET;/$(GIT_BACKEND_ESC)/" exec.c > git-http-backend.c
+
+git-http-backend: git-http-backend.c
+ $(CC) $(CF) -o git-http-backend git-http-backend.c
+ $(CHMOD) u+s git-http-backend
+
+cpbin: git-http-backend
+ $(MKDIR) -p $(OD)
+ $(CP) git-http-backend $(OD)
+
+rmbin:
+ $rm -f $(OD)/git-http-backend
+
+install: cpbin
+
+uninstall: rmbin
+
+clean:
+ rm -f git-http-backend git-http-backend.c
--
2.30.2
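Review bot: The set-user-ID bit is applied in the build tree (`$(CHMOD) u+s git-http-backend`) and `cpbin` then installs with plain `cp`, which normally does not carry set-user-ID onto a newly created file, so the privileged copy sits in the build directory while the installed one may end up without the bit. Setting owner, group and mode at install time, e.g. `install -o <OWNER> -g <WEBSERVER_GROUP> -m 4750 git-http-backend $(OD)` (owner and group are placeholders), would fix that and also stop other local users from executing the wrapper. In `rmbin`, make reads `$rm` as the unset variable `$r` followed by `m`, so uninstall runs `m -f …`; the line should be `$(RM) -f $(OD)/git-http-backend`. Because the compiled `git-http-backend` and the generated `git-http-backend.c` are committed alongside this makefile, make may treat them as up to date (depending on checkout timestamps) and install the prebuilt, unreviewable binary rather than one built from `exec.c`; keeping both out of the repository avoids that.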