Workaround when setuid is ignored

I posted about 'sudo-sh', a replacement for sudo:

https://bkhome.org/news/202306/light-weight-replacement-for-sudo.html

Then about electron-based apps ignoring the setuid bit on executables:

https://bkhome.org/news/202306/electron-ignores-suid-on-binaries.html

I have implemented a workaround. /usr/bin/sudo-sh.c now has this code at the beginning:

 //the idea is that if sudo-sh setuid has been ignored (ex: electron app)
 //then write the params to sudosh_pass file, which will be read by /root/Startup/sudo-sh-ipc
 //which will call /usr/bin/sudo-sh as root, with the params.
 int euid = geteuid();
 if (euid != 0) {
  char ipcfile[] = "/tmp/pup_event_ipc/sudosh_pass";
  char outmsg[512];
  int x;
  //argv[0] is name of this prog, ignore that...
  outmsg[0]=0;
  for (x=1; x<argc; x++) {
   strcat(outmsg,argv[x]);
   strcat(outmsg," ");
  }
  int ipcdescr = open(ipcfile, O_WRONLY|O_APPEND); //|O_CREAT
  if (ipcdescr > 0) {
   int wr = write(ipcdescr,outmsg,strlen(outmsg));
   close(ipcdescr);
  }
  //wait for ack from /root/Startup/sudo-sh-ipc...
  system("inotifywait -q -q -t 2 -e modify /tmp/pup_event_ipc/sudosh_ack");
  exit(0);
 }

There is a daemon, /root/Startup/sudo-sh-ipc, that will execute the required setuid binary as the root user. Commit:

https://github.com/bkauler/woofq/commit/10e9cf0860c8df30fb105cedfc107636138d8cf3

Can't say that I'm happy with this. The workaround is a hack and has some limitations.  

Tags: easy