A simple SUID tool written in C++
- Pkg-config: https://www.freedesktop.org/wiki/Software/pkg-config/
- Libxcrypt: https://github.com/besser82/libxcrypt
Third party software support
- Bash completion (Install
- Only supported on Linux
shadow.h is one of the requirements of kos which is a "linux thing", so automatically won't work on something like OpenBSD, MacOS, SerenityOS or any other OSes. Kos will not work on any non-unix OSes as kos uses a lot of unix stuff, for example pwd.h, meaning will not work on stuff like Windows and other non-unix OSes. Though this is not really a big issue, this app is meant to be ran on linux and was made with the intention to be used on and with linux...
I used that function because it's literally the only way I know how to disable eching of STDIN in linux with C++ without using some huge lib like GNU readline or something...
People packaging kos for non-corporate use
I, the creator of kos, permit you to use any of these licenses: - GPLv3 - BSD 3-clause - ArAr2 If you do not want to bundle ArAr2 license together you are free to use any of the other ones
Building and installing
If you are
root you do not need to use
su, just run commands directly
CXXFLAGS='-D_KOS_VERSION="1"' CXX=g++ ./scripts/build.sh # Compiles with GCC instead of Clang (default)
CXXFLAGS='-D_KOS_VERSION="1"' is important as it will define version argument
./scripts/strip.sh kos su -c 'mkdir -p /usr/local/bin' su -c 'chown root:root ./kos' su -c 'install -Dm4711 ./kos /usr/local/bin'
Man page installation
su -c 'mkdir -p /usr/share/man/man1' su -c 'install -Dm0644 kos.1 /usr/share/man/man1/kos.1' su -c 'mandb -qf /usr/share/man/man1/kos.1'
Before running the script you can optionally:
- Set the
DO_STRIPenvironment variable to strip the binary after compilation
- Set the
INSTALL_MANenvironment variable to also install man page
chmod a+rx ./scripts/setup.sh su -c './scripts/setup.sh'
Compile program linking the libxcrypt lib, then give it suid privelages using 4711 permissions, the program executable should also be owned by the root user and group, program should first check if a command is supplied as not to trigger any bugs, then we validate that the user is in a master, by default kos, group and if that passes we go on to validate the password using passwd struct for getting the username of current logged in user, getuid() for getting uid of current user and then getting /etc/shadow entry using <shadow.h> for that specific user after that we ask for the user to enter their password and we do not echo STDIN, we wait for the user to hit enter and then we hash the password using crypt() function of libxcrypt and compare it to pw->sp_pwdp where pw is the spwd struct which is the shadow entry of currently logged in user, if everything is okay return true, else return false, if it passes we continue and call setuid() and setgid(), we check if they fail, if no, continue, else notify the user, then we increment the argv pointer array to ignore argv which is the program name and call run_command() on it, then in that function we fork the current process and check if it succeeded, if no we notify the user, else we contnue, if the currect process is in child we call execvp() and run the command, if in parent we waitpid() the child and get the exit code, which we return and then finally we just exit with the code the child process exited with
Note for packagers
- Arch Linux
Permission issues (ERROR: Failed getting groups for user ...) The issue can be solved with one install command: $ install -Dm4755 -o root "$srcdir/$pkgname-$pkgver/kos" "$pkgdir/usr/bin/kos"
- If you're building for size make sure to build with
CXXFLAGSas it barely touches start times but it decreases the size largely, stripping can help too
- By default kos has modifying of the environment (I.e. USER, HOME, ...) enabled, this increases the size by 39KB (no optimisation), if you want to not set the env and have a smaller binary, disable that in
config.hby commenting out the definition
- If you every want to debug kos use
There are two scripts in the testing scripts directory, one is
noroot.sh and other
*.lib.sh are just libs.
If you want to test it you just run the scripts, though which ones?
- If you have access to root run:
- If you have access to a non-privileged user run:
- If you have access to both run.. Well both
- Run valgrind on kos
CXXFLAGS='-Og -g' ./scripts/build.sh valgrind ./kos valgrind -s ./kos
Or run valgrind.sh testing script, will test all compilers, tools and stuff, in general a much more in-depth test
127 on failure (detection of a memory leak) and you can see the log file in
- Net-tools (or a
Net-tools is not a thing for me!
You can easily make your own
hostname command which is the only thing testing depends on:
#!/usr/bin/env sh cat /etc/hostname
Add this to /usr/bin/hostname and make it executable:
su -c 'chmod 755 /usr/bin/hostname'
Using as a header
KOS_H before including the
Inputting password from external sources
This section only applies if
HAVE_PIPE is set
Kos supports piping to STDIN so you can easily just pipe (
|) the password to STDIN :)
echo 'Top-secret-passw0rd' | kos id
printf '' | dmenu -l 0 -p 'Password: ' | kos id