<!DOCTYPE html>
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="shortcut icon" href="/favicon.png">

    <title>cwrap - uid_wrapper</title>

    <!-- Bootstrap core CSS -->
    <link href="assets/css/bootstrap.min.css" rel="stylesheet">

    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  <link href="assets/cwrap.css" type="text/css" rel="stylesheet"></head>

  <body>
    <div class="container subpage-header">
      <div class="">
        <a href="/">cwrap</a>
      </div>
    </div>

    <div class="container subpage">
        <h1>The uid_wrapper library</h1>
        <!-- Example row of columns -->
        <div class="row">
            <div class="col-md-12">
                <p>A testing tool to fake privilege separation</p>

                <div align="center">
                    <img src="img/uid_wrapper.png" border="0"/>
                </div>

                <br />

                <p align="center">
                    <a class="btn btn-warning btn-lg" role="button" href="./download.html#uid_wrapper"><span class="glyphicon glyphicon-random"></span> Clone with git</a> ·
                    <a class="btn btn-danger btn-lg" role="button" href="https://bugzilla.samba.org/enter_bug.cgi?product=cwrap"><span class="glyphicon glyphicon-send"></span> Report a bug</a>
                </p>

                <center>
                    <script type="text/javascript" src="https://asciinema.org/a/117259.js" id="asciicast-117259" async></script>
                </center>

                <br />

                <p>
                Some projects, such as a file server, need privilege
                separation so that they can switch to the user who owns
                the files and perform file operations on that user's
                behalf. uid_wrapper convincingly lies to the application,
                letting it believe it is operating as root and even
                switching between UIDs and GIDs as needed. You can start
                any application and make it believe it is running as root.
                </p>

                <h2>Features</h2>
                <ul>
                    <li>Allows UID switching as a normal user.</li>
                    <li>Start any application and make it believe it is running as root.</li>
                    <li>Supports changing the user/group in the local thread using the syscalls (like glibc).</li>
                    <li>uid_wrapper intercepts <code>seteuid(2)</code> and related calls and simulates them in a way that is transparent to the application.</li>
                </ul>

                <h2>Detailed descriptions</h2>
                <ul>
                    <li>If you load uid_wrapper and enable it by setting <code>UID_WRAPPER=1</code>, all <code>setuid()</code> and <code>setgid()</code> calls will work, even as a normal user.</li>
                    <li>It is possible to start your application as fake root by setting <code>UID_WRAPPER_ROOT=1</code>.</li>
                    <li>Enable debugging of uid_wrapper itself by setting the <code>UID_WRAPPER_DEBUGLEVEL</code> variable.</li>
                </ul>
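
                <p>An added example (not part of the cwrap sources): the temporary privilege switch a file server performs, with every transition read back, which is the code path uid_wrapper lets a normal user exercise. <code>run_as()</code>, <code>record_euid()</code> and the 1000:1000 owner are constructed for illustration; started plainly by a normal user the switch fails with -1, while preloading the library (assumed to be installed as <code>libuid_wrapper.so</code>) with <code>UID_WRAPPER=1 UID_WRAPPER_ROOT=1</code> set lets it go through.</p>

```c
/* Added example, not cwrap code: the temporary privilege switch a file
 * server performs, written so that each transition is checked. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*work_fn)(void *arg);

/* run_as() is a hypothetical helper: call fn(arg) with effective IDs
 * uid:gid, then restore the caller's IDs.
 * Returns fn's result, -1 if the switch failed, -2 if restoring failed. */
int run_as(uid_t uid, gid_t gid, work_fn fn, void *arg)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    int rc = -1;

    /* Group first: once the euid is dropped the gid may be unchangeable. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0)
        return setegid(old_gid) != 0 ? -2 : -1;

    /* Do the work only after reading the new IDs back. */
    if (geteuid() == uid && getegid() == gid)
        rc = fn(arg);

    /* Restore in reverse order and verify; callers must treat -2 as fatal. */
    if (seteuid(old_uid) != 0 || setegid(old_gid) != 0)
        return -2;
    if (geteuid() != old_uid || getegid() != old_gid)
        return -2;
    return rc;
}

/* Sample unit of work: report which effective UID the work ran under. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_as(1000, 1000, record_euid, &seen); /* constructed owner */
    printf("rc=%d work ran as euid=%ld\n", rc, (long)seen);
    return rc == 0 ? 0 : 1;
}
```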

            </div> <!-- /col -->
        </div>

    </div>
    <div class="container footer-line">
      <footer>
      <div class="row footer">
        <div class="col-md-6">
          <h3>Contact</h3>
          <p><a href="https://lists.samba.org/mailman/listinfo/samba-technical" target="_blank">samba-technical@lists.samba.org</a></p>
        </div>

        <div class="col-md-3 col-md-offset-3">
          <h3>Credits</h3>
          <p>Robin Hack<br />
          Andreas Schneider</p>
        </div>
      </div>
      </footer>
   </div> <!-- /container -->

   <!-- Bootstrap core JavaScript
        ================================================== -->
   <!-- Placed at the end of the document so the pages load faster -->
   <script src="assets/js/jquery-1.js"></script>
   <script src="assets/js/bootstrap.min.js"></script>

<!-- Piwik -->
<script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="//stats.cryptomilk.org/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', 3]);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<noscript><p><img src="//stats.cryptomilk.org/piwik.php?idsite=3" style="border:0;" alt="" /></p></noscript>
<!-- End Piwik Code -->

</body></html>