Lightweight sudo-like program for Linux written in Rust
Ir para arquivo
Albert S bb0b2886e9 Fix embarassing, basic path traversal attack
Fix the most embarassing kind of path traversal vulnerability
imaginable for such a tool.

You could simply run raou ../../../../tmp/evil_entry

The C version contained various check on the config dir and its
entries which would have prevented this attack. In this port,
the checking functions were deemed unnecessary, as they
did lots of redundant checks too. Unfortunately, I missed this
trivial attack when I decided not to port them.

At the plus side, I found this now myself while sleep-deprived, so
there may be some hope for me after all.

Also, you should not use some non-released software from some
guys git ;-)
2020-09-14 19:44:08 +02:00
src Fix embarassing, basic path traversal attack 2020-09-14 19:44:08 +02:00
Cargo.lock Updated dependencies 2020-07-09 00:10:51 +02:00
Cargo.toml initial commit 2018-10-04 20:45:29 +02:00
install.sh initial commit 2018-10-04 20:45:29 +02:00
README.md improved README format 2019-08-11 12:18:15 +02:00

raou

raou is a lightweight sudo-like tool for Linux. It allows a user to execute programs as another user without entering the password. However, the programs (including the parameters) a user can run are explicitly specified by the administrator.

Originally written in C, it's now reimplemented in Rust.

By default, raou looks in /etc/raou.d/ for config files. If you run "raou backup", it will look for /etc/raou.d/backup.

Example config file:

user john
target_user root
path /usr/local/bin/script.sh

user is the name of the user who you want to give permissions to execute path as the target_user.

path must contain the absolute path.

Optional fields

args: If you want to leave out optional arguments (argv) to path, simply don't include this. Otherwise, simply specify them

...
args -v -ltr 

allow_args: Allow arbitrary arguments, so:

raou backup /path

Will launch "path" as specified in the file for the backup entry with "/path" as argv[1] instead of the argument specified with "args" in the config file.

no_new_privs: Defaults to 1. Processes launched with this option active won't be able to gain more privileges, even when they call setuid programs.

env_vars: A comma-separated list of environment variables to inherit from the current environment. Everything else will be wiped (but others like HOME, SHELL etc. will be appropriately set).

argv0: Set this option if you want to provide your own value as "argv0" The default is the name of the launched binary (not the whole path).