planning comments

noproxy
Alessandro Mauri 4 years ago
parent 8fef02de37
commit 981fed3499
  1. 19
      us.c

19
us.c

@ -1,12 +1,12 @@
#define _POSIX_C_SOURCE 200809L #define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h> #include <string.h>
#include <sys/types.h> #include <errno.h>
#include <pwd.h> #include <pwd.h>
#include <unistd.h>
#include <security/pam_appl.h> #include <security/pam_appl.h>
#include <security/pam_misc.h> #include <security/pam_misc.h>
@ -18,6 +18,7 @@ static struct pam_conv conv = {misc_conv, NULL};
int main (int argc, char *argv[]) int main (int argc, char *argv[])
{ {
// FIXME: change the default program to execute SHELL
if (argc < 2) { if (argc < 2) {
usage(); usage();
exit(1); exit(1);
@ -57,6 +58,8 @@ int main (int argc, char *argv[])
} }
// FIXME: check again for the validity of the login for more security // FIXME: check again for the validity of the login for more security
// as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html // as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html
// FIXME: ^C [SIGINT] will interrupt this call possibly causing a
// vulnerability
pam_end(pamh, pam_err); pam_end(pamh, pam_err);
// TODO: clean up env // TODO: clean up env
@ -101,6 +104,14 @@ int main (int argc, char *argv[])
static inline void usage (void) static inline void usage (void)
{ {
// TODO: planned options
// -a [program]: like sudo's askpass
// -u [user]: change the default user from root to user
// -g [group]: change the primary group to [gorup]
// both -a and -g will accept numbers with #[num] like sudo
// -c [file]: manually select config file
// something about environment
// something about non interactiveness
printf("usage: us [command]\n"); printf("usage: us [command]\n");
} }
@ -116,9 +127,11 @@ static int perm_set (uid_t uid, gid_t gid)
// $ sudo id // $ sudo id
// and check the output // and check the output
int err = 0; int err = 0;
// FIXME: using setresuid() and setresgid() is preferred
if ((err = seteuid(uid)) == -1) if ((err = seteuid(uid)) == -1)
return err; return err;
else if ((err = setegid(gid)) == -1) else if ((err = setegid(gid)) == -1)
return err; return err;
// FIXME: to set the group list use initgroups()
return err; return err;
} }
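Review bot: In perm_set() the effective uid is switched before the effective gid, and the new `// FIXME: using setresuid() and setresgid() is preferred` comment does not record that the order matters. Once the planned `-u [user]` option allows a non-root target, `seteuid(uid)` gives up the privilege that the following `setegid(gid)` and the planned `initgroups()` need, so those calls would be expected to fail with EPERM. seteuid()/setegid() also leave the real and saved ids untouched, which is presumably why the FIXME exists; spelling that out would keep the later fix from being done halfway. Suggested wording: `// FIXME: switch in the order initgroups(), setresgid(), setresuid(), setting real, effective and saved ids, then verify the ids actually changed`. The start of perm_set's body is outside the hunk.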
