
Light-weight replacement for sudo

June 26, 2023 — BarryK

I posted a couple of days ago that I had taken out the 'sudo' package and was just using 'su':

On reflection, that has various limitations and potential issues, so I had a rethink and came up with something else that does not use 'su'. Starting from the beginning: a script, say /usr/sbin/bootmanager, now has this at the top:

if [ "$(whoami)" != "root" ];then
  if [ -x /usr/bin/sudo-sh ];then
    # hand over to the setuid wrapper: caller's pid, this script's path, then its arguments
    exec /usr/bin/sudo-sh "${PPID}" "${0}" "${@}"
  fi
  # no wrapper installed: fall back to ordinary sudo with an askpass helper (-A)
  exec sudo -A "${0}" "${@}"
fi

This checks for the existence of a binary executable, /usr/bin/sudo-sh, and if it exists uses it instead of the normal sudo. 'sudo-sh' is a wrapper for a script under /usr/bin/. I got the idea from reading the posts here:

I came up with what looks like a secure way to run a script, ''. This is the binary executable, /usr/bin/sudo-sh:

//wrapper to run, see /usr/sbin/bootmanager example.
//sudo-sh must be root:root 4711 (setuid). the script it runs must be root:root 0700
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>

int main(int argc, char *argv[], char *envp[]) {
    //the above works, but maybe, very maybe, a security weakness:
    //so do it this way, run the ash interpreter here...
    //also, don't pass envp...
    (void)envp;
    extern char **environ;   //the caller's environment is deliberately not handed on
    (void)environ;

    char *lang;
    char langenv[64] = "LANG=";
    char *display;
    char displayenv[64] = "DISPLAY=";

    //build a fresh environment holding only LANG and DISPLAY;
    //a value longer than the buffer is truncated, not overflowed
    lang = getenv("LANG");
    if (lang != NULL) strncat(langenv, lang, sizeof(langenv) - strlen(langenv) - 1);
    display = getenv("DISPLAY");
    if (display != NULL) strncat(displayenv, display, sizeof(displayenv) - strlen(displayenv) - 1);

    char *envp2[] = { displayenv, langenv, (char*) NULL };

    //i don't know C well enough to do this for an arbitrary # of params...
    //note, argv[0] has name of this script. argv[1] has pid of caller-of-caller
    char binash[] = "/bin/ash";
    char ash[] = "ash";
    char sudosh[] = "/usr/bin/";   //path of the wrapped script (its name is not shown in this post)
    //if (argc==2) execle(binash,ash,sudosh,argv[1],(char*) NULL,envp2);
    if (argc==3) execle(binash,ash,sudosh,argv[1],argv[2],(char*) NULL,envp2);
    if (argc==4) execle(binash,ash,sudosh,argv[1],argv[2],argv[3],(char*) NULL,envp2);
    if (argc==5) execle(binash,ash,sudosh,argv[1],argv[2],argv[3],argv[4],(char*) NULL,envp2);
    if (argc==6) execle(binash,ash,sudosh,argv[1],argv[2],argv[3],argv[4],argv[5],(char*) NULL,envp2);
    if (argc==7) execle(binash,ash,sudosh,argv[1],argv[2],argv[3],argv[4],argv[5],argv[6],(char*) NULL,envp2);

    //only reached if the argument count is unsupported or execle itself failed
    fprintf(stderr, "sudo-sh: usage: sudo-sh <caller-pid> <script> [up to 4 args]\n");
    return 1;
}

'sudo-sh' has 4711 permissions, '' has 0700. The binary passes control to the script, which can be seen here:
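The wrapper above hard-codes one execle call per argument count and keeps only two environment variables. As an added example (not BarryK's code), here is the general form of the same idea in C: an argv for /bin/ash is built for any number of caller arguments, and the environment handed to the privileged script is a fresh copy containing only whitelisted keys. The names filter_env, build_exec_argv and KEEP are my own, and SUDOSH_SCRIPT is a placeholder for the script path the post does not show.

```c
/* Added example: arbitrary-argc version of the sudo-sh wrapper idea.
 * Hypothetical helper names; SUDOSH_SCRIPT is a placeholder path. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define INTERP        "/bin/ash"
#define INTERP_ARGV0  "ash"
#define SUDOSH_SCRIPT "/usr/bin/SCRIPT_NAME_ELIDED"   /* placeholder: real script path goes here */

extern char **environ;

/* The only variables allowed to cross into the privileged script (same two the post keeps). */
static const char *const KEEP[] = { "DISPLAY", "LANG", NULL };

/* Returns 1 if the "KEY=value" entry has a key listed in keep, else 0.
 * The key is compared by exact length, so "LANGUAGE" does not match "LANG". */
static int key_allowed(const char *entry, const char *const keep[]) {
    const char *eq = strchr(entry, '=');
    if (eq == NULL) return 0;
    size_t klen = (size_t)(eq - entry);
    for (size_t i = 0; keep[i] != NULL; i++)
        if (strlen(keep[i]) == klen && memcmp(keep[i], entry, klen) == 0) return 1;
    return 0;
}

/* Build a fresh NULL-terminated environment from source (e.g. environ)
 * containing only the allowed entries. Caller frees with free_vec(). */
char **filter_env(char *const source[], const char *const keep[]) {
    size_t total = 0;
    while (source[total] != NULL) total++;
    char **out = calloc(total + 1, sizeof *out);
    if (out == NULL) return NULL;
    size_t n = 0;
    for (size_t i = 0; i < total; i++)
        if (key_allowed(source[i], keep)) out[n++] = strdup(source[i]);
    out[n] = NULL;
    return out;
}

/* Build the argv for the interpreter: argv0, script, then every caller argument
 * (caller pid, guarded script path, its args...). Needs at least <pid> <script>.
 * Returns NULL when the caller passed too few arguments. */
char **build_exec_argv(const char *argv0, const char *script, int argc, char *const argv[]) {
    if (argc < 3) return NULL;
    char **out = calloc((size_t)argc + 2, sizeof *out);   /* 2 fixed + (argc-1) + NULL */
    if (out == NULL) return NULL;
    out[0] = strdup(argv0);
    out[1] = strdup(script);
    for (int i = 1; i < argc; i++) out[i + 1] = strdup(argv[i]);
    out[argc + 1] = NULL;
    return out;
}

/* Number of entries before the terminating NULL. */
size_t vec_len(char *const v[]) {
    size_t n = 0;
    while (v[n] != NULL) n++;
    return n;
}

void free_vec(char **v) {
    if (v == NULL) return;
    for (size_t i = 0; v[i] != NULL; i++) free(v[i]);
    free(v);
}

int main(int argc, char *argv[]) {
    char **env  = filter_env(environ, KEEP);
    char **args = build_exec_argv(INTERP_ARGV0, SUDOSH_SCRIPT, argc, argv);
    if (env == NULL || args == NULL) {
        fprintf(stderr, "usage: sudo-sh <caller-pid> <script> [args...]\n");
        return 1;
    }
    execve(INTERP, args, env);   /* only returns on failure */
    perror("execve");
    free_vec(env);
    free_vec(args);
    return 1;
}
```

The whitelist approach inverts the usual problem: instead of trying to strip known-dangerous variables from the caller's environment, the script starts from nothing and receives only what is listed in KEEP.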

If a non-root app tries to run 'bootmanager', this window will pop up:

...the help button explains how the permission to run bootmanager without a password can be revoked, if you change your mind.

This is pretty neat. The default is to always ask for a password. Another example is the /usr/bin/xdg-open script -- if a non-root app tries to run it, that window will pop up.

An interesting point about xdg-open. If it is used to open the browser, the administrator password is requested; however, the browser itself will still run non-root. Chromium runs as user 'chromium'.

Tags: easy