Andrew Geissler | 615f2f1 | 2022-07-15 14:00:58 -0500 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 2 | # |
| 3 | # Script used for running executables with custom labels, as well as custom uid/gid |
| 4 | # Process label is changed by writing to /proc/self/attr/current |
| 5 | # |
| 6 | # Script expects user id and group id to exist, and be the same. |
| 7 | # |
| 8 | # From adduser manual: |
| 9 | # """By default, each user in Debian GNU/Linux is given a corresponding group |
| 10 | # with the same name. """ |
| 11 | # |
Andrew Geissler | 615f2f1 | 2022-07-15 14:00:58 -0500 | [diff] [blame] | 12 | # Usage: root@desk:~# python3 notroot.py <uid> <label> <full_path_to_executable> [arguments ..] |
| 13 | # eg: python3 notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1 |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 14 | # |
| 15 | # Author: Alexandru Cornea <alexandru.cornea@intel.com> |
| 16 | import os |
| 17 | import sys |
| 18 | |
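# Switch to the requested process label and uid/gid, then exec the target.
#
# Command line: <uid> <label> <full_path_to_executable> [arguments ..]
# The order of the steps matters: the label write and the group changes are
# done while the process still has its original privileges, and setuid()
# comes last because giving up the uid first would make the group changes fail.
# On any failure a message is printed and the script exits with status -1.
try:
    if len(sys.argv) < 4:
        # Reject an incomplete command line before the label is changed.
        raise ValueError(
            "usage: python3 notroot.py <uid> <label> "
            "<full_path_to_executable> [arguments ..]"
        )

    uid = int(sys.argv[1])
    label = sys.argv[2]
    path = sys.argv[3]
    # The new program's argv starts at the executable path itself.
    child_argv = sys.argv[3:]

    # Close the attr file explicitly: the buffered write only reaches the
    # kernel on flush/close, and an error raised during an implicit close at
    # garbage collection would not propagate, so a rejected label could go
    # unnoticed and the target would run under the old label.
    with open("/proc/self/attr/current", "w") as attr:
        attr.write(label)

    # Clear the supplementary groups inherited from the caller; setgid() and
    # setuid() alone leave them attached to the executed program.
    os.setgroups([])
    os.setgid(uid)
    os.setuid(uid)
    os.execv(path, child_argv)

except Exception as e:
    # Only OSError carries strerror; fall back to the exception text so a bad
    # uid or a short command line is reported instead of raising
    # AttributeError inside this handler.
    print(getattr(e, "strerror", None) or e)
    sys.exit(-1)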