sud - superuser daemon

current version: download sud 1.3 | md5 | browse | examples | useful links

Description

sud is a daemon to execute interactive and non-interactive processes with special (and customizable) privileges in a nosuid environment

Some advantages are:

  • you can switch to root privileges on a remote machine and keep its disks mounted with nosuid flag
  • your client will be authenticated by getting effective credentials via unix socket
  • you can't brute force or try to exploit code unless you're in the authgroup (you don't have permission to open a client connection)
  • you can drop privileges and use sud to implement a suid program in a nosuid environment

New Features

  • added multiple services in the same configuration file every service is in the form label { parameters... }
  • added general daemon options with label = options
  • added general service options with label = default
  • added SO_PEERCRED linux support
  • added SIGHUP, SIGUSR1 support
  • added emergency service
  • signals are now more reliable based on self-pipe trick
  • sessions are now queued in a list
  • introduction of three new modes: read (alias command), blind (alias write) and readwrite. these are very useful to emulate setuid programs which don't need a terminal and to redirect stdin and stdout to suipfiles
  • changes in suz client in order to support new modes
  • improvements in SIGWINCH management
  • minor changes and new options for services

Options

       The following options are available:

       -f configfile
              parse configfile (default: /etc/sud.conf)

       -n     do not daemonize

       -p pidfile
              pidfile (default: /var/run/sud.pid)

       -t terminal
              set a default terminal for services

       -v     print version

Options for the daemon

       The following entries  are  available  in  /etc/sud.conf  in  the  form
       options { entries }

       daemonize { yes, no }
              calls daemon(3)

       emergency = filename
              this  is an interactive suipfile which will be called and binded
              on /var/run/emergency.unix [default: ilogin] when: there  is  no
              services  on  your  configuration  file;  all  sud services were
              killed or there is a mistake on your configuration  file.   This
              option helps you to manage a remote configuration file by grant-
              ing a service if an error occurs

       etries = number
              this option sets how many times sud will  try  to  execute  your
              emergency  session  this is useful for example if a fork bombing
              attack occurs while sud is trying to bind your emergency service

       pidfile = filename
              locking  file to make certain that only a sud program is running
              for your configuration you can  execute  more  sud  programs  by
              invoking sud with -p and -f options

Entries for services

       The  following  entries are available in /etc/sud.conf in the form ser-
       vice { entry = value ... } There is a  special  service  which  can  be
       specified  for  default  entries, every entry that is not specifed in a
       particular service will be  set  to  default  value.  Form:  default  {
       entries.. }

       suipfile = filename
              this  is  the  superuser  interface  program  (by  default it is
              /usr/sbin/ilogin).  You can set it to what you want  to  execute
              after  getting  authenticated  (ex.  login, su, sh) you can pass
              arguments   using   double   quotes    example:    suipfile    =
              "/usr/bin/login -f root"

       sockfile = filename
              the  socket  file  name  (full  path)  (default:  /var/run/{ser-
              vice}.unix) you can use -p option in suz to connect to this file

       utname = string
              ut_name  field  in  utmp  structure. if this is not set, ut_name
              will be the user specified in setuser or root if it is  not  set
              this  option makes sense only if your service is interactive and
              dologin is specified for your service

       uthost = string
              ut_host field in utmp structure. Use this if you want  to  iden-
              tify  a  sud  login.  It accepts double quotes string. default =
              NULL example: uthost = "sud_auth" this options makes sense  only
              if your service is interactive and dologin is specified for your
              service

       dologin = {yes, no}
              performs login() and logout() functions.  this is only useful if
              your service is in interactive mode

       authgroup = string
              this  is  the group for sockfile and is used to verify effective
              credentials if authgroup is set to noauth the sockfile  will  be
              accessible to everyone and there will not be check on the groups
              default = 0 (this means gid 0)

       log = {yes, no}
              report successful authentication. if it is  set  to  "no",  only
              failed authentication will be logged for this service

       mode = {interactive, read, write, readwrite}
              there are various modes which sud can support for your commands.

       interactive mode opens a terminal and emulate a remote environmnent for
       your  service;  this  is useful for programs like login or network ser-
       vices

       read mode permits you to execute a program and to give only its output,
       example:  suipfile = "/bin/ls /root" this is useful to emulate suidfile
       in general; command is an alias for this mode

       write mode permits you to execute a program and to  give  you  a  blind
       mode:  you write a command but output is not redirected to your client,
       blind is an alias for this mode

       readwrite is like interactive mode but it doesn't open a pseudo  tty,  this
       is  useful  if you want to execute pipe commands like: echo ls | suz -p
       /var/run/rwserv -n and to redirect standard output

       setuser = string
              this is useful if you want to drop privileges  before  executing
              suipfile example: setuser=sysadmin you can also set user to your
              uid by using $myuid variable setuser=$myuid

       seteuser = string
              seteuser tries to emulate a setuid condition by setting real uid
              to setuser id and effective, saved uid to seteuser id.  example:
              setuser=$myuid  seteuser=uucp  emulates  a  setuid   uucp   file
              seteuser requires setuser

       setgroup = string
              use  this  option  if you want to set suipfile running with this
              group example: setgroup=kmem you can  also  set  group  to  your
              gid/s by using $mygid variable setgroup=$mygid

       setegroup = string
              setegroup  tries  to  emulate a setgid condition by setting real
              gid to setgroup id and effective, saved  gid  to  setegroup  id.
              setegroup requires setgroup

       pidfile = filename
              locking file to make certain that only a copy of this service is
              running on a sockfile default: /var/run/{service}.unix

       nclients = number
              this is the backlog in listen()

       terminal = string
              your terminal emulation for this  service  example:  terminal  =
              vt100

       timeout = number
              timeout in seconds for a session (default = 0)

Signals

       SIGUSR1, SIGHUP reparse your configuration file

Supported Platforms

Tested on: OpenBSD, FreeBSD, NetBSD, Linux
SourceForge.net Logo Valid HTML 4.01!