/* * Copyright (c) 2021, Jesse Buhagiar * Copyright (c) 2021, Andreas Kling * * SPDX-License-Identifier: BSD-2-Clause */ #include #include #include #include #include #include #include ErrorOr serenity_main(Main::Arguments arguments) { Vector command; Core::ArgsParser args_parser; uid_t as_user_uid = 0; args_parser.add_option(as_user_uid, "User to execute as", nullptr, 'u', "UID"); args_parser.add_positional_argument(command, "Command to run at elevated privilege level", "command"); args_parser.parse(arguments); TRY(Core::System::pledge("stdio rpath exec id tty")); TRY(Core::System::seteuid(0)); auto as_user = TRY(Core::Account::from_uid(as_user_uid)); // If the current user is not a superuser, make them authenticate themselves. if (auto uid = getuid()) { auto account = TRY(Core::Account::from_uid(uid)); if (account.has_password()) { auto password = TRY(Core::get_password()); if (!account.authenticate(password)) return Error::from_string_literal("Incorrect or disabled password."sv); } } TRY(Core::System::pledge("stdio rpath exec id")); TRY(Core::System::setgid(0)); TRY(Core::System::setuid(as_user_uid)); TRY(Core::System::pledge("stdio rpath exec")); Vector exec_arguments; for (auto const& arg : command) exec_arguments.append(arg); exec_arguments.append(nullptr); Vector environment_strings; if (auto* term = getenv("TERM")) environment_strings.append(String::formatted("TERM={}", term)); Vector exec_environment; for (auto& item : environment_strings) exec_environment.append(item.characters()); exec_environment.append(nullptr); if (execvpe(command.at(0), const_cast(exec_arguments.data()), const_cast(exec_environment.data())) < 0) { perror("execvpe"); exit(1); } return 0; }