From owner-freebsd-current  Sun Jan 28 21:57:54 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id VAA05845
          for current-outgoing; Sun, 28 Jan 1996 21:57:54 -0800 (PST)
Received: from time.cdrom.com (time.cdrom.com [192.216.222.226])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA05836
          for <current@freebsd.org>; Sun, 28 Jan 1996 21:57:51 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by time.cdrom.com (8.6.12/8.6.9) with SMTP id VAA17707 for <current@freebsd.org>; Sun, 28 Jan 1996 21:57:46 -0800
To: current@freebsd.org
Subject: Please test this on your system (and see if you crash)
Date: Sun, 28 Jan 1996 21:57:46 -0800
Message-ID: <17705.822895066@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-current@freebsd.org
Precedence: bulk

Yes, this program may hose you.  It hoses me, so be careful trying it
out.

Its function is to allow anyone in group wheel to execute commands as
arbitrary users and it should be run setuid to root.  In 2.1 it works
fine, in 2.2 I get a very strange lock-up which may just be me, thus
this email for confirmation.

Thanks!

					Jordan
----


#include <stdio.h>
#include <unistd.h>
#include <sys/param.h>
#include <pwd.h>

#define WHEEL_GID 0

extern int errno;

main (argc, argv, envp)
int argc;
char *argv[];
char *envp[];
{
    char *shell, *name;
    struct passwd *ent;
    char **av = argv;
    char ps1[128];
    gid_t gids[NGROUPS];
    int i, ng, ac = argc;
    
    if ((ng = getgroups(NGROUPS, gids)) < 0) {
	perror("getgroups");
	return 1;
    }
    for (i = 0; i < ng; i++)
	if (gids[i] == WHEEL_GID)
	    break;
    if (i == ng) {
	fprintf(stderr, "Sorry, you are simply not studly enough to run this program!\n");
	return 1;
    }
    
    if ((argc > 1) && (argv[1][0] == '-')) {
	name = av[1] + 1;
	sprintf(ps1, "PS1=(%s) ", name);
	av++;
	ac--;
    }
    else {
	name = "root";
	strcpy(ps1, "PS1=(#) ");
    }
    
    if ((ent = getpwnam(name)) == NULL) {
	fprintf(stderr, "Can't find password entry for \"%s\"\n", name);
	return 1;
    }
    
    if (!(setgid(ent->pw_gid) || setuid(ent->pw_uid))) {
	putenv(ps1);
	if (ac == 1)
	    if (shell = getenv("SHELL"))
		execl(shell, shell, (char *)0L);
	    else
		execl("/bin/sh", "sh", (char *)(0L));
	else
	    execvp(av[1], av + 1);
	fprintf(stderr, "Error in %s: ", argv[0]);
	perror("");
    }
    else { 
	fprintf(stderr, "%s setuid failed - ", argv[0]);
	perror("");
    }
    return 0;
}