:: [DNG] sup - a "small is beautiful" …
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jaromil
Datum:  
To: dng
Betreff: [DNG] sup - a "small is beautiful" tool for UNIX privilege escalation

dear devuaneers, suckless hackers and friends of simplicity

In the past days we are working hard on Devuan, but also on our
dyne.org project Dowse whose prototype is based on an RPi version of
Devuan.

Thinkering on the security model in Dowse and other projects, parazyd
found the 'sup' tool to be ideal: originally written by the good folks
at suckless.org, its minimalist approach to privilege escalation is
enlightening in its simplicity.

Basically sup is an hard-coded sudo.

I adopted the software (wrote a mail to pancake, pending response) and
proceeded improving some things: added musl-libc production build
capability to defend the binary from LD_SO_PRELOAD attacks and also
added the optional sha256 hash check of binary files.

in the hope it will be useful, sup is available here (LGPLv3)

https://git.devuan.org/jaromil/sup

to stay up to date with future releases, one can also keep an eye here

http://freshcode.club/projects/sup

and for those who prefer github is mirrored also here

https://github.com/dyne/sup

here below I paste the README, happy hacking

-----
# sup
## a "small is beautiful" tool for UNIX privilege escalation

sup is a very small and secure C application. it is designed to run as
root (with suid bit on) to facilitate the privilege escalation of
users to execute certain programs as superuser.

all settings in sup are hard-coded at compile time. sup is very
portable and self-contained, designed for production use as a static
binary. sup is a sort of hard-coded sudo: it is an ideal companion for
artisans building small containers and embedded systems.

the latest version of sup can be found on
https://git.devuan.org/jaromil/sup and on its mirrors at dyne.org and
github.com.

## why are you whispering?

as you may have realised already, sup is so minimal that all its
documentation is written lowercase. it was originally written in 2009
by pancake of nopcode.org and maintained until 2011 as part of the
suckless tools. in 2016 sup is being adopted by jaromil of dyne.org,
extending its features to support static build with
[http://www.musl-libc.org/](musl-libc) and hardcoded sha256 hashing of
binary files.

## configure

sup's configuration resides in config.h and should be set before
building. here below an intuitive example

```c
#define USER 1000
#define GROUP -1

#define SETUID 0
#define SETGID 0

#define CHROOT ""
#define CHRDIR ""

#define HASH 1

#define ENFORCE 1

static struct rule_t rules[] = {
    // allow user to run these programs when found in path location
    { USER, GROUP, "whoami",   "/usr/bin/whoami", "" },
    { USER, GROUP, "ifconfig", "/sbin/ifconfig",  "" },
    { USER, GROUP, "ls",       "/bin/ls",         "" },
    { USER, GROUP, "wifi",     "/root/wifi.sh",   "" },
    // allow to run id when found in PATH with matching hash
    { USER, GROUP, "id",       "*", "db533b77fc9e262209a46e0f.." },
     // allow to run any program found in PATH
    { USER, GROUP, "*",        "*"},
    { 0 }, // end of configuration
};
```
Fields are organized as following:


| UID | GUID | binary name | binary path | hash (optional) |


- `UID` is the numeric id which must own the binary for authorized
execution
- `GID` is the numeric group id which must own the binary for
authorized execution (can be -1 for none)
- `hash` can be computed before build using sha256sum (GNU coreutils)

using `sup -l` the configuration can be displayed at runtime.

## build

sup requires a C compiler and the GNU make tool to be built.

a simple `make` command will build a sup binary good enough for
evaluation purposes, with dynamic links to the libm and libc libraries
installed system-wide.

for production use sup should be built as a static binary: this is
easily done by first installing musl-libc in its default location and
then using the `make musl` command.

## technical details

sup consists of 3 files: sup.c is the main source and config.h is the
configuration, hardcoded at compile time. sha256.c is optional and
provides the hashing functionality if the define HASH is set.

sup is written in ANSI C with POSIX1.b compliancy for GNU/Linux and
BSD systems. it uses `setuid/gid` for privilege escalation and
`execv()` to launch processes as superuser.

## licensing

sup is copyleft software licensed as GNU Lesser Public License
(LGPLv3). when compiled with hashing capability, its license turns
into GNU GPLv2 because of the sha256 component.

```
sup is copyleft (c) 2009-2011 by pancake of nopcode.org
                (c) 2016      by jaromil of dyne.org


the FIPS-180-2 sha-256 implementation optionally included in sup is
copyleft (c) 2001-2003 by Christophe Devine
```





-- 
Denis Roio aka Jaromil   http://Dyne.org think &do tank
  CTO and co-founder      free/open source developer
加密  6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10