Rexec

$BRANCH hw05x
$DEADLINE 2022-10-30 24:00
$POINTS 10

Assignment

Implement a program akin to su(1) and sudo(1) that will allow a user to run commands with arbitrary credentials:

$ rexec [OPTIONS] COMMAND [ARGUMENTS…]

The options shall allow modifying the following process credentials:

  • Real User ID

  • Effective User ID

  • Real Group ID

  • Effective Group ID

  • Supplementary Groups

These parameters shall be set either by numeric value or by name. If a number is used, the specified entity does not need to exist in the system.

How exactly these options are named is up to you. You can take inspiration from the example solution.
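The core of such a program, as an added example that is not the course's reference solution: each ID is resolved either as a number (which need not exist) or as a name, and the credentials are applied in the order that actually works when dropping privilege (supplementary groups, then GIDs, then UIDs). The option letters and the 64-group limit are this example's own assumptions.

```c
/* Added example for this assignment, not the course's reference solution.
 * Each ID is given as a number (need not exist) or as a name, and the IDs are
 * applied in the order that works when dropping privilege: supplementary
 * groups, then GIDs, then UIDs (once the UID is dropped, setgid would fail).
 * Usage: rexec [-u RUID] [-U EUID] [-g RGID] [-G EGID] [-s GROUP]... CMD [ARGS] */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Resolve s as a decimal number or, failing that, as a user/group name. */
int parse_id(const char *s, int is_group, unsigned long *out) {
    char *end; errno = 0;
    *out = strtoul(s, &end, 10);
    if (*s != '\0' && *end == '\0' && errno == 0) return 0;   /* numeric */
    if (is_group) { struct group *g = getgrnam(s); if (!g) return -1; *out = g->gr_gid; }
    else { struct passwd *p = getpwnam(s); if (!p) return -1; *out = p->pw_uid; }
    return 0;
}

/* nsup < 0 keeps the current supplementary groups. Saved IDs are set equal to
 * the effective ones so the command cannot switch back to rexec's own identity. */
int apply_creds(uid_t ru, uid_t eu, gid_t rg, gid_t eg, const gid_t *sup, int nsup) {
    if (nsup >= 0 && setgroups((size_t)nsup, sup) != 0) return -1;
    if (setresgid(rg, eg, eg) != 0) return -1;
    if (setresuid(ru, eu, eu) != 0) return -1;
    return 0;
}

int main(int argc, char **argv) {
    unsigned long ru = getuid(), eu = geteuid(), rg = getgid(), eg = getegid(), v;
    gid_t sup[64]; int nsup = -1, c;
    while ((c = getopt(argc, argv, "+u:U:g:G:s:")) != -1) {   /* '+': stop at COMMAND */
        int grp = (c == 'g' || c == 'G' || c == 's');
        if (c == '?' || parse_id(optarg, grp, &v) != 0 || (c == 's' && nsup == 64)) {
            fprintf(stderr, "rexec: bad option or unknown id\n"); return 2;
        }
        if (c == 'u') ru = v; else if (c == 'U') eu = v; else if (c == 'g') rg = v;
        else if (c == 'G') eg = v; else { if (nsup < 0) nsup = 0; sup[nsup++] = (gid_t)v; }
    }
    if (optind >= argc) { fprintf(stderr, "usage: rexec [OPTIONS] COMMAND [ARGS...]\n"); return 2; }
    if (apply_creds(ru, eu, rg, eg, sup, nsup) != 0) { perror("rexec: setting credentials"); return 1; }
    execvp(argv[optind], &argv[optind]);
    perror("rexec: execvp"); return 127;
}
```

Without the Set-UID bits or capabilities described below, the kernel only lets the calls succeed when the requested IDs are ones the process already holds, which is exactly why `rexec id` with your own IDs is the safe first test.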

Notes

Do not forget to read Security Considerations below!

To actually allow your program to arbitrarily change IDs, you either need to set the Set-UID and Set-GID bits on the compiled binary while it is owned by root:

$ sudo chown root: id
$ sudo chmod u+s,g+s id

or, slightly safer, add the CAP_SETUID and CAP_SETGID capabilities, which only allow the binary itself to change IDs (though the executed commands will technically still be able to do anything):

$ sudo setcap cap_setuid,cap_setgid+pe id

You can add these commands to your Makefile as a setup target without sudo, so that you have to prefix make with sudo yourself and are reminded that this is a potentially dangerous operation. Also see Security Considerations below.

Requirements

Provide a Makefile with the usual targets all and clean.

Security Considerations

This program can damage your system!

Read this section carefully.

Take extreme care when running the Set-UID or CAP_SETUID binary, as it allows the executed command to acquire superuser privileges.

There are some ways to mitigate the risks:

  • Always try rexec only with your own or a system ID. Do not try other commands, especially not rm or programs you do not trust.

  • If you want to be extra careful, install Docker, make yourself a member of the docker group, and try rexec as root in the container:

    $ docker pull ubuntu:latest
    $ docker run --rm -it --mount type=bind,source=$PWD,destination=/src ubuntu:latest

    You should get a shell inside the container running as `root`. Here you can run the command without setting elevated capabilities on the binary. The drawback of this approach is that sometimes you will need to recompile the program inside the container.

  • Alternatively, use Podman instead of Docker. It is a bit more cumbersome to set up, but it should let you run rootless containers. Maybe.

  • Finally, the safest option is a virtual machine. Nothing done in it should affect your host system in any way.

Lastly, do not leave the program with elevated privileges lying around on your computer: you may forget about it, and when you later leave the computer unattended, someone might use it to gain a root shell on your system.

Always run make clean when you are done with the program.