Description
sud is a daemon to execute interactive and non-interactive processes with special (and customizable) privileges in a nosuid environment. Some advantages are:
New Features
Options
The following options are available:

-f configfile
    parse configfile (default: /etc/sud.conf)
-n
    do not daemonize
-p pidfile
    pidfile (default: /var/run/sud.pid)
-t terminal
    set a default terminal for services
-v
    print version
Options for the daemon
The following entries are available in /etc/sud.conf in the form
options { entries }

daemonize = {yes, no}
    calls daemon(3)
emergency = filename
    this is an interactive suipfile which will be called and bound on
    /var/run/emergency.unix [default: ilogin] when: there are no services
    in your configuration file; all sud services were killed; or there is
    a mistake in your configuration file. This option helps you to manage
    a remote configuration file by granting a service if an error occurs
etries = number
    this option sets how many times sud will try to execute your
    emergency session. This is useful, for example, if a fork bombing
    attack occurs while sud is trying to bind your emergency service
pidfile = filename
    locking file to make certain that only one sud program is running
    for your configuration. You can execute more sud programs by
    invoking sud with the -p and -f options
Entries for services
The following entries are available in /etc/sud.conf in the form
service { entry = value ... }
There is a special service which can be specified for default entries;
every entry that is not specified in a particular service will be set to
the default value. Form:
default { entries.. }
suipfile = filename
    this is the superuser interface program (by default it is
    /usr/sbin/ilogin). You can set it to whatever you want to execute
    after getting authenticated (e.g. login, su, sh). You can pass
    arguments using double quotes, example:
    suipfile = "/usr/bin/login -f root"
sockfile = filename
    the socket file name (full path) (default: /var/run/{service}.unix).
    You can use the -p option in suz to connect to this file
utname = string
    ut_name field in the utmp structure. If this is not set, ut_name
    will be the user specified in setuser, or root if that is not set
    either. This option makes sense only if your service is interactive
    and dologin is specified for your service
uthost = string
    ut_host field in the utmp structure. Use this if you want to
    identify a sud login. It accepts a double-quoted string.
    default = NULL
    example: uthost = "sud_auth"
    This option makes sense only if your service is interactive and
    dologin is specified for your service
dologin = {yes, no}
    performs the login() and logout() functions. This is only useful if
    your service is in interactive mode
authgroup = string
    this is the group for sockfile and is used to verify effective
    credentials. If authgroup is set to noauth, the sockfile will be
    accessible to everyone and there will be no check on the groups.
    default = 0 (this means gid 0)
log = {yes, no}
    report successful authentication. If it is set to "no", only failed
    authentications will be logged for this service
mode = {interactive, read, write, readwrite}
    there are various modes which sud can support for your commands.
    interactive mode opens a terminal and emulates a remote environment
    for your service; this is useful for programs like login or network
    services.
    read mode permits you to execute a program and to get only its
    output, example: suipfile = "/bin/ls /root". This is useful to
    emulate a suid file in general; command is an alias for this mode.
    write mode permits you to execute a program in blind mode: you write
    a command but its output is not redirected to your client; blind is
    an alias for this mode.
    readwrite is like interactive mode but it doesn't open a pseudo tty;
    this is useful if you want to execute pipe commands like
    echo ls | suz -p /var/run/rwserv -n and to redirect standard output
setuser = string
    this is useful if you want to drop privileges before executing
    suipfile. example: setuser=sysadmin
    You can also set the user to your own uid by using the $myuid
    variable: setuser=$myuid
seteuser = string
    seteuser tries to emulate a setuid condition by setting the real uid
    to the setuser id and the effective and saved uid to the seteuser
    id. example: setuser=$myuid seteuser=uucp emulates a setuid uucp
    file. seteuser requires setuser
setgroup = string
    use this option if you want suipfile to run with this group.
    example: setgroup=kmem
    You can also set the group to your own gid/s by using the $mygid
    variable: setgroup=$mygid
setegroup = string
    setegroup tries to emulate a setgid condition by setting the real
    gid to the setgroup id and the effective and saved gid to the
    setegroup id. setegroup requires setgroup
pidfile = filename
    locking file to make certain that only one copy of this service is
    running on a sockfile. default: /var/run/{service}.unix
nclients = number
    this is the backlog in listen()
terminal = string
    your terminal emulation for this service. example: terminal = vt100
timeout = number
    timeout in seconds for a session (default = 0)
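A complete /etc/sud.conf built from the daemon options and service entries above, as an added example that is not a configuration shipped with sud. The service names (login, listbackup), the groups admins and operators, the user backup, the listed paths and the one-entry-per-line layout inside the braces are assumptions; every key and value form is the one documented above.

```conf
# Added example /etc/sud.conf (not part of the sud distribution); service
# names, group names, the user 'backup' and socket paths are assumptions.
options {
    daemonize = yes
    pidfile = /var/run/sud.pid
    # fallback interactive service bound on /var/run/emergency.unix when
    # this file is broken or every service has died
    emergency = /usr/sbin/ilogin
}

# values inherited by every service that does not override them
default {
    mode = interactive
    dologin = yes
    log = yes
    terminal = vt100
    nclients = 5
    timeout = 0
    authgroup = 0
}

# interactive root login: members of group 'admins' only, 10-minute sessions,
# utmp entries tagged so sud logins can be told apart from console logins
login {
    suipfile = "/usr/bin/login -f root"
    sockfile = /var/run/login.unix
    authgroup = admins
    uthost = "sud_auth"
    timeout = 600
}

# read mode: the client receives only the program's output and no tty.
# The program runs with the caller's own uid and gid but the effective uid
# of 'backup', i.e. the setuid-file emulation described under seteuser.
listbackup {
    mode = read
    dologin = no
    suipfile = "/bin/ls /var/backups"
    sockfile = /var/run/listbackup.unix
    authgroup = operators
    setuser = $myuid
    seteuser = backup
    setgroup = $mygid
    # authgroup = noauth   would expose this socket to every local user
    #                      with no group check at all; keep a real group
}
```

With this file in place a member of operators reaches the read-mode service with suz -p /var/run/listbackup.unix, and members of admins get the interactive root session through /var/run/login.unix. Because a mistake in the file makes sud fall back to the emergency suipfile on /var/run/emergency.unix, keep the emergency entry pointing at a program you are prepared to expose, and reload edits with SIGHUP (or SIGUSR1) so that a parse error shows up as the fallback service rather than as a silently missing one.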
Signals
SIGUSR1, SIGHUP
    reparse your configuration file
Supported Platforms
Tested on: OpenBSD, FreeBSD, NetBSD, Linux