fsebugoutzone.org:9999

       Post ABl1xncCLyyx8gmL7Q by goo@tech.lgbt
 (DIR) More posts by goo@tech.lgbt
 (DIR) Post #ABkDebD1G9t5S5eWbw by alexbuzzbee@fosstodon.org
       2021-09-26T06:05:31Z
       
       1 likes, 0 repeats
       
       void main() {execl(&quot;wg&quot;, &quot;show&quot;, &quot;all&quot;, &quot;dump&quot;, NULL);} // FIXME: All WireGuard private keys dumped to unprivileged caller.$ cc wg-dump.c -o wg-dump# chown root:root wg-dump# chmod +s wg-dump
       
 (DIR) Post #ABkE1cJPKBtbX8cHBY by shom@fosstodon.org
       2021-09-26T06:09:39Z
       
       0 likes, 0 repeats
       
       @alexbuzzbee I&#39;m probably being dense... but if you have to chown it to root:root doesn&#39;t that mean you&#39;re a privileged user already? I&#39;m sure I&#39;m missing something here.
       
 (DIR) Post #ABkUvRK0yIRovnXa2C by bugaevc@mastodon.technology
       2021-09-26T09:18:59Z
       
       0 likes, 0 repeats
       
       @alexbuzzbee void main is ill-formed :blobcatthinksmart:
       
 (DIR) Post #ABl0Wlt0ZcXc0KBox6 by alexbuzzbee@fosstodon.org
       2021-09-26T15:12:59Z
       
       1 likes, 0 repeats
       
       @bugaevc The proper form of the program is more like#include &lt;unistd.h&gt;int main(void) {  execl(&quot;wg&quot;, &quot;show&quot;, &quot;all&quot;, &quot;dump&quot;, NULL);  return 1; // exec failed}but quick hacks have a tendency to do whatever compiles.
       
 (DIR) Post #ABl1xncCLyyx8gmL7Q by goo@tech.lgbt
       2021-09-26T08:05:00Z
       
       0 likes, 0 repeats
       
       @shom @alexbuzzbee the third command makes the executable setuid, which means it will run as root for all users, making the keys available to unprivileged users
       
 (DIR) Post #ABl1xo7kSgDeiXXXIO by shom@fosstodon.org
       2021-09-26T12:13:23Z
       
       0 likes, 0 repeats
       
       @goo ah okay, my point was that you need to be privileged at least once but the point being made is you need to be privileged only once.  @alexbuzzbee
       
 (DIR) Post #ABl1xobAhHksBnJ29o by alexbuzzbee@fosstodon.org
       2021-09-26T15:28:36Z
       
       1 likes, 0 repeats
       
       @shom @goo The idea is that the program is installed by the system administrator to give unprivileged users access to WireGuard status info, but it has a bug because the default behavior of `wg show all dump` is to output the private keys, which the sysadmin doesn&#39;t want.
       
 (DIR) Post #ABl23RJsA2HrjCte9A by alexbuzzbee@fosstodon.org
       2021-09-26T15:30:11Z
       
       0 likes, 0 repeats
       
       @bugaevc or execlp rather
       
 (DIR) Post #ABl2gkMzGZnk6a62qG by bugaevc@mastodon.technology
       2021-09-26T15:37:19Z
       
       0 likes, 0 repeats
       
       @alexbuzzbee I agree this is nicer, but neither the include, nor the void, nor the return are required for formal correctness, whereas specifying the return type as int is. It&#39;s even shorter than void (3 chars vs 4), so...
       
 (DIR) Post #ABl5waAFHHD0wuNZMO by alexbuzzbee@fosstodon.org
       2021-09-26T16:13:50Z
       
       0 likes, 0 repeats
       
       @bugaevc Yes, but they also avoid warnings, and warnings bad &gt;:(