SUIDWGEN

setuid wrapper generator

Requirements

• gcc
• sudo
• openssl (optional for hash protection)

Installation

No installation needed, just checkout this repository!

Generating a wrapper

To generate a wrapper run:

make warpper SCRIPT=super-secure.php INTERPRETER=/usr/bin/php

You can configure a bunch of checks done by the wrapper by passing flags to make : see the section below. After the first step you will have three new files. Named super-secure.php-root , super-secure.php-root-wrapper.c and super-secure.php-root-wrapper.

Now you have to prepare the script you want to be run as privileged user, this can be done via make:

make secure SCRIPT=super-secure.php

Note: you can change the owner and group of the script and wrapper by passing USER=someuser to make

or manually:

chmod 700 [super-secure.php] #this will prevent normal users from running and changing the script
chown root:root [super-secure.php] # root or any other privileged user:group

NOTE: it is super important that normal users are unable to change the script!

After this is done you have to configure the wrapper:

chmod 711 [super-secure.php-root-wrapper]
chmod a+s [super-secure.php-root-wrapper] # this will set the uid bit
chmod u+rwx [super-secure.php-root-wrapper]
chown root:root [super-secure.php-root-wrapper] # root or any other privileged user:group

Now you should be able to call ./super-secure.php-wrapper with your unprivileged user and run your [super-secure.php] script as root or any other user.

Flags & Wrapper Checks

You can configure the wrapper by passing flags like this:

make wrapper CHECK_SCRIPT_NOT_WRITABLE=1

The flags are:

• CHECK_SCRIPT_NOT_WRITABLE 1 or 0: Check if the script is not writable by any one but the owner.
• CHECK_SCRIPT_NOT_READABLE 1 or 0 : Check if the script is not readable by any one but the owner.
• CHECK_SCRIPT_ONLY_USR_EXEC 1 or 0: Check if the script is only executable by the owner.
• CHECK_SAME_OWN 1 or 0: Check if the script and the wrapper have the same owner.
• CHECK_SAME_GRP 1 or 0: Check if the script and the wrapper have the same group.
• CHECK_NOT_ROOT_U 1 or 0: Check if the owner is not root, this is disabled by default.
• CHECK_NOT_ROOT_G 1 or 0: Check if the group is not root, this is disabled by default.
• CHECK_HASH 1 or 0: Check if the hash of the file matches a precalculated hash.
• CHECK_MAX_ARGS 1 or 0: Check the number of arguments passed to the script.
• MAX_ARGS a number 0 to 1000: This settings depends on CHECK_MAX_ARGS. Limit the number of arguments passed to the script to a positive integer.
• UNSET_ENV 1 or 0: Unset the environment for the script.
• DEBUG 1 or 0: This is disabled by default. Set it to 1 to get some error logging.
• USER a username Change the user under which the wrapper will be executed. Default is root.

Example

Run:

make all SCRIPT="example/script.php" INTERPRETER=/usr/bin/php ; ./example/script.php-root-wrapper ";)"

Wrapper Return Codes

• 0 Everything is cool

• 1: More then MAX_ARGS arguments are passed to the wrapper.

• 4: Failed to set the uid.

• 5: Failed to set the gid.

• 6: The script is writable by other users then the owner.

• 7: The script is readable by other users then the owner.

• 8: The script is executable by other users then the owner.

• 9: The owners of the script and the wrapper are differing.

• 10: The group of the script and the wrapper are differing.

• 11: The wrapper does not run as user root.

• 12: The wrapper does not run as group root.

• 13: Failed to hash the script.

• 14: The hash of the script and the stored hash in the wrapper are differing.

• 15: Failed to open the script for reading.

• > 100: Use this error range indicate errors thrown from the script.

• > 200

  ​

  ​