it* Initial import of 'sup' into mercurial - sup - small tool for privilege escalation Err parazyd.org 70
hgit clone https://git.parazyd.org/sup URL:https://git.parazyd.org/sup parazyd.org 70
1Log /git/sup/log.gph parazyd.org 70
1Files /git/sup/files.gph parazyd.org 70
1Refs /git/sup/refs.gph parazyd.org 70
1README /git/sup/file/README.gph parazyd.org 70
1LICENSE /git/sup/file/LICENSE.gph parazyd.org 70
i--- Err parazyd.org 70
1commit 989bc1c744d8fe03a58692410a6d68ad00a872c8 /git/sup/commit/989bc1c744d8fe03a58692410a6d68ad00a872c8.gph parazyd.org 70
hAuthor: pancake@dazo URL:mailto:unknown parazyd.org 70
iDate: Mon, 14 Dec 2009 01:02:07 +0100 Err parazyd.org 70
i Err parazyd.org 70
i* Initial import of 'sup' into mercurial Err parazyd.org 70
iDiffstat: Err parazyd.org 70
i A Makefile | 31 +++++++++++++++++++++++++++++++ Err parazyd.org 70
i A TODO | 1 + Err parazyd.org 70
i A config.def.h | 18 ++++++++++++++++++ Err parazyd.org 70
i A sup.1 | 23 +++++++++++++++++++++++ Err parazyd.org 70
i A sup.c | 72 +++++++++++++++++++++++++++++++ Err parazyd.org 70
i Err parazyd.org 70
i5 files changed, 145 insertions(+), 0 deletions(-) Err parazyd.org 70
i--- Err parazyd.org 70
1diff --git a/Makefile b/Makefile /git/sup/file/Makefile.gph parazyd.org 70
it@@ -0,0 +1,31 @@ Err parazyd.org 70
i+CC?=gcc Err parazyd.org 70
i+DESTDIR?= Err parazyd.org 70
i+PREFIX?=/usr Err parazyd.org 70
i+VERSION=0.1 Err parazyd.org 70
i+USER=root Err parazyd.org 70
i+GROUP=root Err parazyd.org 70
i+ Err parazyd.org 70
i+all: config.h sup Err parazyd.org 70
i+ Err parazyd.org 70
i+config.h: Err parazyd.org 70
i+ cp config.def.h config.h Err parazyd.org 70
i+ Err parazyd.org 70
i+sup.o: config.h sup.c Err parazyd.org 70
i+ ${CC} -c sup.c Err parazyd.org 70
i+ Err parazyd.org 70
i+sup: sup.o Err parazyd.org 70
i+ ${CC} sup.o -o sup Err parazyd.org 70
i+ Err parazyd.org 70
i+clean: Err parazyd.org 70
i+ rm -f sup.o sup Err parazyd.org 70
i+ Err parazyd.org 70
i+mrproper: clean Err parazyd.org 70
i+ rm 
-f config.h Err parazyd.org 70
i+ Err parazyd.org 70
i+install: Err parazyd.org 70
i+ mkdir -p ${DESTDIR}${PREFIX}/bin Err parazyd.org 70
i+ cp sup ${DESTDIR}${PREFIX}/bin Err parazyd.org 70
i+ chown ${USER}:${GROUP} ${DESTDIR}/${PREFIX}/bin/sup Err parazyd.org 70
i+ chmod 4111 ${DESTDIR}${PREFIX}/bin/sup Err parazyd.org 70
i+ sed s,VERSION,${VERSION}, sup.1 \ Err parazyd.org 70
i+ > ${DESTDIR}${PREFIX}/share/man/man1/sup.1 Err parazyd.org 70
1diff --git a/TODO b/TODO /git/sup/file/TODO.gph parazyd.org 70
it@@ -0,0 +1 @@ Err parazyd.org 70
i+* Enforce with checksums (sha1?) Err parazyd.org 70
1diff --git a/config.def.h b/config.def.h /git/sup/file/config.def.h.gph parazyd.org 70
it@@ -0,0 +1,18 @@ Err parazyd.org 70
i+#define USER 1000 Err parazyd.org 70
i+#define GROUP -1 Err parazyd.org 70
i+ Err parazyd.org 70
i+#define SETUID 0 Err parazyd.org 70
i+#define SETGID 0 Err parazyd.org 70
i+ Err parazyd.org 70
i+#define CHROOT "/" Err parazyd.org 70
i+ Err parazyd.org 70
i+#define ENFORCE 1 Err parazyd.org 70
i+ Err parazyd.org 70
i+static struct rule_t rules[] = { Err parazyd.org 70
i+ { USER, GROUP, "whoami", "/usr/bin/whoami" }, Err parazyd.org 70
i+ { USER, GROUP, "ifconfig", "/sbin/ifconfig" }, Err parazyd.org 70
i+ { USER, GROUP, "ls", "/bin/ls" }, Err parazyd.org 70
i+ { USER, GROUP, "wifi", "/root/wifi.sh" }, Err parazyd.org 70
i+ { USER, GROUP, "", ""}, // allow to run any program Err parazyd.org 70
i+ { 0 }, Err parazyd.org 70
i+}; Err parazyd.org 70
1diff --git a/sup.1 b/sup.1 /git/sup/file/sup.1.gph parazyd.org 70
it@@ -0,0 +1,23 @@ Err parazyd.org 70
i+.TH SUP 1 sup\-VERSION Err parazyd.org 70
i+.SH NAME Err parazyd.org 70
i+sup - scale user priviledges Err parazyd.org 70
i+.SH SYNOPSIS Err parazyd.org 70
i+.B sup Err parazyd.org 70
i+.RB [ \-hlv ] Err parazyd.org 70
i+.SH DESCRIPTION Err parazyd.org 70
i+sup is a minimal priviledge scalation utility that allow normal Err parazyd.org 70
i+users to run other programs as different user and group. 
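Review bot: In the Makefile, the `sup.o` and `sup` rules invoke `${CC}` without `${CFLAGS}` or `${LDFLAGS}`, so the binary that `install` then marks setuid (`chmod 4111`, owner `root`) is compiled with no warnings enabled and a packager has no way to pass hardening flags. Using `${CC} ${CFLAGS} -c sup.c` and `${CC} ${LDFLAGS} sup.o -o sup` would fix that without changing the default build. The `install` target also redirects into `${DESTDIR}${PREFIX}/share/man/man1/sup.1` without creating that directory, so it fails on a fresh `DESTDIR` after the setuid binary is already in place; a `mkdir -p ${DESTDIR}${PREFIX}/share/man/man1` beside the existing `mkdir -p` avoids the half-finished install.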
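Review bot: The default rule table in config.def.h ends with `{ USER, GROUP, "", ""}`, and sup.c treats an empty `cmd` as a match for every command name (`!rules[i].cmd[0]`), so a build that just copies config.def.h to config.h ships a catch-all entry for uid 1000 with `SETUID 0`. A safer default is to leave that entry disabled, for example `/* { USER, GROUP, "", "" }, -- matches any command; enable deliberately */`, so the whitelist above it is what the installed binary enforces. A short comment above `rules[]` stating that every `path` must be absolute, root-owned and in a directory the calling user cannot write would also help, since `"/root/wifi.sh"` is a script and inherits whatever its interpreter reads.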
Err parazyd.org 70
i+.P Err parazyd.org 70
i+The configuration is done in config.h at compile time. Err parazyd.org 70
i+.SH OPTIONS Err parazyd.org 70
i+.TP Err parazyd.org 70
i+.B \-h Err parazyd.org 70
i+print help message Err parazyd.org 70
i+.TP Err parazyd.org 70
i+.B \-l Err parazyd.org 70
i+list command whitelist Err parazyd.org 70
i+.TP Err parazyd.org 70
i+.B \-v Err parazyd.org 70
i+prints version information Err parazyd.org 70
i+.SH AUTHOR Err parazyd.org 70
i+pancake Err parazyd.org 70
1diff --git a/sup.c b/sup.c /git/sup/file/sup.c.gph parazyd.org 70
it@@ -0,0 +1,72 @@ Err parazyd.org 70
i+/* pancake -- Copyleft 2009 */ Err parazyd.org 70
i+ Err parazyd.org 70
i+#include Err parazyd.org 70
i+#include Err parazyd.org 70
i+#include Err parazyd.org 70
i+#include Err parazyd.org 70
i+ Err parazyd.org 70
i+#define HELP "sup [-hlv] [cmd ..]" Err parazyd.org 70
i+#define VERSION "sup 0.1 pancake copyleft 2009" Err parazyd.org 70
i+ Err parazyd.org 70
i+struct rule_t { Err parazyd.org 70
i+ int uid; Err parazyd.org 70
i+ int gid; Err parazyd.org 70
i+ const char *cmd; Err parazyd.org 70
i+ const char *path; Err parazyd.org 70
i+}; Err parazyd.org 70
i+ Err parazyd.org 70
i+#include "config.h" Err parazyd.org 70
i+ Err parazyd.org 70
i+static int die(int ret, const char *str) { Err parazyd.org 70
i+ fprintf (stderr, "%s\n", str); Err parazyd.org 70
i+ return ret; Err parazyd.org 70
i+} Err parazyd.org 70
i+ Err parazyd.org 70
i+int main(int argc, char **argv) { Err parazyd.org 70
i+ char *cmd; Err parazyd.org 70
i+ int i, uid, gid, ret; Err parazyd.org 70
i+ Err parazyd.org 70
i+ if (argc < 2 || !strcmp (argv[1], "-h")) Err parazyd.org 70
i+ return die (1, HELP); Err parazyd.org 70
i+ Err parazyd.org 70
i+ if (!strcmp (argv[1], "-v")) Err parazyd.org 70
i+ return die (1, VERSION); Err parazyd.org 70
i+ Err parazyd.org 70
i+ if (!strcmp (argv[1], "-l")) { Err parazyd.org 70
i+ for (i = 0; rules[i].cmd != NULL; i++) Err parazyd.org 70
i+ printf ("%d %d %10s 
%s\n", rules[i].uid, rules[i].gid, Err parazyd.org 70
i+ rules[i].cmd, rules[i].path); Err parazyd.org 70
i+ return 0; Err parazyd.org 70
i+ } Err parazyd.org 70
i+ Err parazyd.org 70
i+ uid = getuid (); Err parazyd.org 70
i+ gid = getgid (); Err parazyd.org 70
i+ Err parazyd.org 70
i+ for (i = 0; rules[i].cmd != NULL; i++) { Err parazyd.org 70
i+ if (!rules[i].cmd[0] || !strcmp (argv[1], rules[i].cmd)) { Err parazyd.org 70
i+#if ENFORCE Err parazyd.org 70
i+ struct stat st; Err parazyd.org 70
i+ lstat (rules[i].path, &st); Err parazyd.org 70
i+ if (st.st_mode & 0222) Err parazyd.org 70
i+ return die (1, "Cannot run writable binaries."); Err parazyd.org 70
i+#endif Err parazyd.org 70
i+ if (uid != SETUID && rules[i].uid != -1 && rules[i].uid != uid) Err parazyd.org 70
i+ return die (1, "User does not match"); Err parazyd.org 70
i+ Err parazyd.org 70
i+ if (gid != SETGID && rules[i].gid != -1 && rules[i].gid != gid) Err parazyd.org 70
i+ return die (1, "Group id does not match"); Err parazyd.org 70
i+ Err parazyd.org 70
i+ if (setuid (SETUID) == -1 || setgid (SETGID) == -1 || Err parazyd.org 70
i+ seteuid (SETUID) == -1 || setegid (SETGID) == -1) Err parazyd.org 70
i+ return die (1, strerror (errno)); Err parazyd.org 70
i+#ifdef CHROOT Err parazyd.org 70
i+ if (chroot (CHROOT) == -1) Err parazyd.org 70
i+ return die (1, strerror (errno)); Err parazyd.org 70
i+#endif Err parazyd.org 70
i+ ret = execv (rules[i].path? rules[i].path:argv[1], argv+1); Err parazyd.org 70
i+ return die (ret, strerror (errno)); Err parazyd.org 70
i+ } Err parazyd.org 70
i+ } Err parazyd.org 70
i+ Err parazyd.org 70
i+ return die (1, "Sorry"); Err parazyd.org 70
i+} Err parazyd.org 70
.
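Review bot: The `lstat (rules[i].path, &st)` call in the `#if ENFORCE` block of sup.c's `main` is never checked, so when it fails (for example on the catch-all rule, whose `path` is `""`) the mode test reads an uninitialised `st` and the gate in front of the id change depends on whatever was on the stack. In the same block the ids are changed as setuid then setgid with no `setgroups()`, so the target keeps the caller's supplementary groups and, for any non-root `SETUID`, the later `setgid` and `chroot` calls would normally be refused; `chroot` is also not followed by `chdir ("/")`. `execv` passes the caller's entire environment to a program whose real and effective uid are by then both `SETUID`. The fence below checks the stat result and additionally requires a root-owned file, moves `chroot` ahead of the id change, sets groups before the uid, and execs with a fixed environment; `setgroups` needs `<grp.h>`, and the `#include` names are not readable on this page, so confirm what is already included.
```c
#if ENFORCE
			struct stat st;
			/* fail closed: never test st after a failed lstat */
			if (lstat (rules[i].path, &st) == -1)
				return die (1, strerror (errno));
			if ((st.st_mode & 0222) || st.st_uid != 0)
				return die (1, "Cannot run writable binaries.");
#endif
			/* ... unchanged: "User does not match" / "Group id does not match" checks ... */
#ifdef CHROOT
			/* chroot while still privileged, then move cwd inside the new root */
			if (chroot (CHROOT) == -1 || chdir ("/") == -1)
				return die (1, strerror (errno));
#endif
			/* groups first: they can no longer be changed once the uid is set */
			gid_t target_gid = SETGID;
			if (setgroups (1, &target_gid) == -1 || setgid (SETGID) == -1 ||
			    setuid (SETUID) == -1)
				return die (1, strerror (errno));

			/* do not hand the caller's environment to the target */
			static char *const clean_env[] = {
				"PATH=/bin:/sbin:/usr/bin:/usr/sbin", NULL
			};
			ret = execve (rules[i].path? rules[i].path:argv[1], argv+1, clean_env);
			/* ... unchanged: return die (ret, strerror (errno)); ... */
```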