
PPP Kill SUID Wrapper

The problem this file solves is how to allow users to run a command as root (killall pppd) without giving them root privileges. The simplest way is to write what is called a C wrapper for the program, which allows the program to be run suid root, but without introducing any extra security holes into your system.

This is a C wrapper for the killall command. Copy the lines between the two rows of ======== into a file called pppoff.c. (Make sure that the < characters come out as less-than characters in the code.) Then, while logged in as root do
gcc -o pppoff pppoff.c
chmod a+x pppoff
chmod +s pppoff

When you want to terminate a connection, just run
pppoff

Note that this file will allow any user to kill a running pppd, even if they did not start it. If you have users who would abuse this, you have deeper problems than this note is liable to solve, and you probably already have the expertise to solve the problem yourself.

pppoff.c

===============================
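#include <signal.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/param.h>
#include <pwd.h>

/* Fixed environment handed to killall; the caller's environment is discarded. */
static char *trusted_env[] = {"PATH=/usr/bin:/usr/sbin:/sbin:/bin", 0};

int main(void)
{
        struct passwd *pwd;
        int i;
        uid_t uid;

        /* Ignore every signal that can be ignored, except SIGCHLD. */
        for (i = 1; i < NSIG; i++) {
                if (i != SIGKILL && i != SIGCHLD)
                        (void) signal(i, SIG_IGN);
        }

        /* Refuse to run for a uid that has no passwd entry. */
        uid = getuid();
        if ((pwd = getpwuid(uid)) == (struct passwd *)0)
                exit(1);

        /* Become root; stop if the binary was not installed suid root. */
        if (setuid((uid_t)0) != 0)
                exit(1);

        /* Absolute path, fixed arguments, trusted environment. */
        execle("/usr/bin/killall", "/usr/bin/killall", "pppd", (char *)0, trusted_env);

        /* Only reached if execle() failed: give up root and report failure. */
        setuid(uid);
        exit(1);
}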
================================
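
The wrapper hands killall a fixed environment through execle() rather than whatever the calling user has set. The program below is an added example, not part of pppoff.c, that runs the same child with the caller's environment and with the fixed one so the difference is visible; child_sees, demo_trusted_env and PPPOFF_DEMO_VAR are names made up for it, and it assumes /bin/sh exists.

```c
/* Added example, not part of pppoff.c; every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
extern char **environ;          /* the caller-supplied environment */
/* Same fixed environment the wrapper hands to killall. */
static char *demo_trusted_env[] = {"PATH=/usr/bin:/usr/sbin:/sbin:/bin", 0};

/* Run /bin/sh (assumed present) through execle() and copy the child's view of
 * $name into out. use_trusted != 0 passes the fixed environment as pppoff.c
 * does; 0 passes the caller's. name must be a program constant. 0 = success. */
int child_sees(const char *name, int use_trusted, char *out, size_t outlen)
{
        int fds[2], status;
        size_t used = 0;
        ssize_t n;
        pid_t pid;
        char script[128];
        snprintf(script, sizeof script, "printf %%s \"${%s-unset}\"", name);
        if (outlen == 0 || pipe(fds) != 0)
                return -1;
        pid = fork();
        if (pid == 0) {                 /* child: send stdout into the pipe */
                dup2(fds[1], STDOUT_FILENO);
                close(fds[0]);
                close(fds[1]);
                execle("/bin/sh", "sh", "-c", script, (char *)0,
                       use_trusted ? demo_trusted_env : environ);
                _exit(127);             /* only reached if exec failed */
        }
        close(fds[1]);
        while (pid > 0 && used < outlen - 1 &&
               (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
                used += (size_t)n;
        out[used] = '\0';
        close(fds[0]);
        return (pid > 0 && waitpid(pid, &status, 0) == pid &&
                WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
        char a[64] = "", b[64] = "";
        setenv("PPPOFF_DEMO_VAR", "set-by-caller", 1);  /* constructed value */
        child_sees("PPPOFF_DEMO_VAR", 0, a, sizeof a);
        child_sees("PPPOFF_DEMO_VAR", 1, b, sizeof b);
        return printf("caller env: %s\nfixed env: %s\n", a, b) < 0;
}
```

With the fixed environment the child reports the variable as unset and sees only the PATH from the array, which is what killall receives from the wrapper.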