Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Jan 1996 21:57:46 -0800
From:      "Jordan K. Hubbard" <jkh@time.cdrom.com>
To:        current@freebsd.org
Subject:   Please test this on your system (and see if you crash)
Message-ID:  <17705.822895066@time.cdrom.com>
next in thread | raw e-mail | index | archive | help 
Yes, this program may hose you.  It hoses me, so be careful trying it
out.

Its function is to allow anyone in group wheel to execute commands as
arbitrary users and it should be run setuid to root.  In 2.1 it works
fine, in 2.2 I get a very strange lock-up which may just be me, thus
this email for confirmation.

Thanks!

					Jordan
----


#include <stdio.h>
#include <unistd.h>
#include <sys/param.h>
#include <pwd.h>

#define WHEEL_GID 0

extern int errno;

main (argc, argv, envp)
int argc;
char *argv[];
char *envp[];
{
    char *shell, *name;
    struct passwd *ent;
    char **av = argv;
    char ps1[128];
    gid_t gids[NGROUPS];
    int i, ng, ac = argc;
    
    if ((ng = getgroups(NGROUPS, gids)) < 0) {
	perror("getgroups");
	return 1;
    }
    for (i = 0; i < ng; i++)
	if (gids[i] == WHEEL_GID)
	    break;
    if (i == ng) {
	fprintf(stderr, "Sorry, you are simply not studly enough to run this program!\n");
	return 1;
    }
    
    if ((argc > 1) && (argv[1][0] == '-')) {
	name = av[1] + 1;
	sprintf(ps1, "PS1=(%s) ", name);
	av++;
	ac--;
    }
    else {
	name = "root";
	strcpy(ps1, "PS1=(#) ");
    }
    
    if ((ent = getpwnam(name)) == NULL) {
	fprintf(stderr, "Can't find password entry for \"%s\"\n", name);
	return 1;
    }
    
    if (!(setgid(ent->pw_gid) || setuid(ent->pw_uid))) {
	putenv(ps1);
	if (ac == 1)
	    if (shell = getenv("SHELL"))
		execl(shell, shell, (char *)0L);
	    else
		execl("/bin/sh", "sh", (char *)(0L));
	else
	    execvp(av[1], av + 1);
	fprintf(stderr, "Error in %s: ", argv[0]);
	perror("");
    }
    else { 
	fprintf(stderr, "%s setuid failed - ", argv[0]);
	perror("");
    }
    return 0;
}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17705.822895066>