From 08c30d1a3d2256b2e613c4d5d8c68d6819be6a85 Mon Sep 17 00:00:00 2001 From: Jakob Kaivo Date: Mon, 1 Feb 2021 10:49:11 -0500 Subject: first draft of front-end --- privexec/Makefile | 26 +++++++++++++++++++ privexec/privexec.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 privexec/Makefile create mode 100644 privexec/privexec.c diff --git a/privexec/Makefile b/privexec/Makefile new file mode 100644 index 0000000..26cafe6 --- /dev/null +++ b/privexec/Makefile @@ -0,0 +1,26 @@ +.POSIX: + +# This Makefile was generated by maje +# See https://gitlab.com/jkaivo/maje/ for more information +# Do not edit this Makefile by hand + +CC=c99 +LD=$(CC) +CFLAGS=-Wall -Wextra -Wpedantic -Werror -g +LDFLAGS= +LDLIBS= +SRCDIR=. +OBJDIR=. +BINDIR=$(OBJDIR) + +all: $(BINDIR)/privexec + +clean: + rm -f $(BINDIR)/privexec $(OBJDIR)/*.o + +$(BINDIR)/privexec: $(OBJDIR)/privexec.o +$(OBJDIR)/privexec.o: $(SRCDIR)/privexec.c + $(CC) $(CFLAGS) -o $@ -c $(SRCDIR)/privexec.c + +$(BINDIR)/privexec: + $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/*.o $(LDLIBS) diff --git a/privexec/privexec.c b/privexec/privexec.c new file mode 100644 index 0000000..1b7a54e --- /dev/null +++ b/privexec/privexec.c @@ -0,0 +1,72 @@ +#define _POSIX_C_SOURCE 200809L +#include +#include +#include +#include + +#ifndef PATH_CHECK +#define PATH_CHECK "/usr/local/lib/privexec/check" +#endif + +#ifndef PATH_EXEC +#define PATH_EXEC "/usr/local/lib/privexec/exec" +#endif + +static int exec_with_privileges(char *argv[]) +{ + argv[0] = PATH_EXEC; + execv(argv[0], argv); + perror(argv[0]); + return 1; +} + +static int check_privileges(char *argv[]) +{ + argv[0] = PATH_CHECK; + pid_t pid = 0; + if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL) != 0) { + perror(PATH_CHECK); + return 1; + } + + int status = 1; + if (waitpid(pid, &status, 0) != 0) { + perror(PATH_CHECK); + return 1; + } + + return status; +} + +int main(int argc, char *argv[]) +{ + const char *name = argv[0]; + if (name == NULL) { + fprintf(stderr, "NULL execution not supported\n"); + return 1; + } + + /* no options, but allow for -- */ + int c; + while ((c = getopt(argc, argv, "")) != -1) { + switch (c) { + default: + return 1; + } + } + + argc -= (optind - 1); + argv += (optind - 1); + + if (argc < 2) { + printf("%s: missing operands\n", name); + return 1; + } + + if (check_privileges(argv) == 0) { + return exec_with_privileges(argv); + } + + /* error message already displayed by check_privileges() */ + return 1; +} -- cgit v1.2.1