
Set UID C fragment

I'll be getting back to the regular code in a bit. For now, here's a tiny code fragment I'm using, now recorded here for posterity. I'm in a little shock - this is the only C code I use anymore.

Sometimes, you need to run a script as root. This is a little bit of C code that does that. The program compiles, and you chmod it to setuid, and chown it root.

#define SCRIPT "/usr/local/buildserver/setup_web"
main(argc, argv)
char **argv;
{
    setuid(0);
    seteuid(0);
    execv(SCRIPT, argv);
}

Yikes! I didn't know I still had old K&R C lying around. I thought that went out of fashion at the same time as Michael Jackson's "Bad" album.

The main() should be: main(int argc, char *argv[])

It's also uncool to pass argv to the script. Setuid proxies can filter the arguments so that the script exposes a limited interface to root. Maybe this library could help impose some order.
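The argument filtering described above, as an added example that is not code from the original post: the proxy accepts exactly one subcommand, checks the result of setuid(), and runs the script with a fixed environment instead of the caller's. The subcommand names (start, stop, reload) and the PATH value are assumptions; the post does not say what setup_web accepts.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCRIPT "/usr/local/buildserver/setup_web"   /* path from the post */

/* Hypothetical allowlist: the only subcommands the script may receive. */
static const char *const ALLOWED[] = { "start", "stop", "reload", NULL };

/* Return 1 if arg is exactly one of the allowlisted words, else 0. */
int arg_allowed(const char *arg)
{
    if (arg == NULL) return 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(arg, ALLOWED[i]) == 0) return 1;
    return 0;
}

/* Build the argv handed to the script: exactly one allowlisted subcommand.
   Returns 0 on success, -1 if the caller's arguments are rejected. */
int build_argv(int argc, char *const argv[], const char *out[3])
{
    if (argc != 2 || !arg_allowed(argv[1])) return -1;
    out[0] = SCRIPT;
    out[1] = argv[1];
    out[2] = NULL;
    return 0;
}

int main(int argc, char *argv[])
{
    const char *child_argv[3];
    /* Fixed environment (assumed PATH): nothing inherited from the caller. */
    char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    if (build_argv(argc, argv, child_argv) != 0) {
        fprintf(stderr, "usage: %s start|stop|reload\n", argc > 0 ? argv[0] : "proxy");
        return 2;
    }
    /* Unlike the fragment above, fail closed if the privilege change fails. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    execve(SCRIPT, (char *const *)child_argv, clean_env);
    perror("execve");   /* only reached if the exec itself failed */
    return 1;
}
```
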

Why This Was Written

Normally, I write setuid scripts in perl[1], but had some problems working around PHP's path restrictions. Rather than reconfigure PHP to work with my script, I just compiled this setuid proxy, put it into the PHP docroot, and PHP had no complaints.

1. Setuid Perl scripts are safer than C programs through a dataflow tracing mechanism that prevents many stupid security holes. -- the perl man page.
