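/*
 *  swrap by Davide Libenzi (secure exec wrapper)
 *  Copyright (C) 2003..2010  Davide Libenzi
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 *
 *  Davide Libenzi
 *
 */

/* Needed on glibc for setgroups() when building with a strict -std= mode. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif

#include <sys/types.h>	/* uid_t, gid_t */
#include <errno.h>	/* errno, EPERM */
#include <grp.h>	/* getgrnam, setgroups */
#include <pwd.h>	/* getpwnam */
#include <stdio.h>	/* fprintf, perror */
#include <stdlib.h>	/* exit, strtoul */
#include <unistd.h>	/* getopt, geteuid, setgid, setuid, execvp */

/* Print the command-line synopsis on stderr and exit with status 1. */
static void usage(char *prg)
{
	fprintf(stderr, "%s {-u UID, -U UNAME} {-g GID, -G GNAME} CMD [PARAM ...]\n", prg);
	exit(1);
}

/*
 * Parse a decimal numeric ID taken from the command line.
 *
 * Returns 0 and stores the value in *out on success.  Returns -1 when the
 * text does not start with a digit (empty, signed, leading blanks), has
 * trailing characters, or overflows unsigned long.
 */
static int parse_id(const char *text, unsigned long *out)
{
	char *end;
	unsigned long val;

	if (text[0] < '0' || text[0] > '9')
		return -1;
	errno = 0;
	val = strtoul(text, &end, 10);
	if (errno != 0 || *end != '\0')
		return -1;
	*out = val;
	return 0;
}

/*
 * Switch to the requested group and user, then exec CMD with its parameters.
 *
 * Exit status: 1 usage or invalid ID, 2 unknown user name, 3 unknown group
 * name, 4 group switch failed, 5 user switch failed, 6 exec failed.
 */
int main(int ac, char **av)
{
	int i;
	unsigned long num;
	uid_t uid = (uid_t) -1;
	gid_t gid = (gid_t) -1;
	char const *uname = NULL, *gname = NULL;

	while ((i = getopt(ac, av, "+u:U:g:G:h")) != -1) {
		switch (i) {
		case 'u':
			/*
			 * atoi() turned any non-numeric text into 0, i.e. the
			 * command silently ran as root.  Reject bad input, and
			 * reject (uid_t) -1 because it is the "not set" marker.
			 */
			if (parse_id(optarg, &num) != 0 ||
			    (unsigned long) (uid_t) num != num ||
			    (uid_t) num == (uid_t) -1) {
				fprintf(stderr, "%s: invalid UID '%s'\n", av[0], optarg);
				return 1;
			}
			uid = (uid_t) num;
			break;
		case 'U':
			uname = optarg;
			break;
		case 'g':
			/* Same validation as -u: bad text must not become GID 0. */
			if (parse_id(optarg, &num) != 0 ||
			    (unsigned long) (gid_t) num != num ||
			    (gid_t) num == (gid_t) -1) {
				fprintf(stderr, "%s: invalid GID '%s'\n", av[0], optarg);
				return 1;
			}
			gid = (gid_t) num;
			break;
		case 'G':
			gname = optarg;
			break;
		case 'h':
		default:
			/* Unknown option or missing argument: stop instead of guessing. */
			usage(av[0]);
		}
	}

	/* A name given with -U/-G overrides a numeric ID given with -u/-g. */
	if (uname != NULL) {
		struct passwd *pwn;

		/* getpwnam() leaves errno untouched when the name simply does not exist. */
		errno = 0;
		if ((pwn = getpwnam(uname)) == NULL) {
			if (errno != 0)
				perror(uname);
			else
				fprintf(stderr, "%s: unknown user\n", uname);
			return 2;
		}
		uid = pwn->pw_uid;
	}
	if (gname != NULL) {
		struct group *grn;

		errno = 0;
		if ((grn = getgrnam(gname)) == NULL) {
			if (errno != 0)
				perror(gname);
			else
				fprintf(stderr, "%s: unknown group\n", gname);
			return 3;
		}
		gid = grn->gr_gid;
	}
	if (uid == (uid_t) -1 || gid == (gid_t) -1 || optind >= ac)
		usage(av[0]);

	/*
	 * Drop the caller's supplementary groups before changing IDs; otherwise
	 * CMD keeps every group the invoking (usually root) process belonged to.
	 * This has to happen before setuid(), which removes the privilege needed
	 * to change the group list.  An unprivileged caller cannot change the
	 * list, so EPERM is tolerated only when we are not running as root.
	 */
	if (setgroups(1, &gid) != 0 && (errno != EPERM || geteuid() == 0)) {
		perror("Setting supplementary groups");
		return 4;
	}
	/* Group first: once the UID is dropped, setgid() would no longer be permitted. */
	if (setgid(gid)) {
		perror("Setting group");
		return 4;
	}
	if (setuid(uid)) {
		perror("Setting user");
		return 5;
	}

	/* execvp() returns only on failure. */
	execvp(av[optind], &av[optind]);
	perror(av[optind]);

	return 6;
}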