#include <sys/resource.h>
int main(int argc, char *argv[], char *envp[])
char *apt_argv[] = {"/usr/bin/apt-get", "-q", "update", NULL};
// Environment handed to apt-get: a fixed PATH, one spare slot that receives
// the HOME=... string built with asprintf() further down, and the
// terminating NULL. The execve() call at the end of this excerpt passes this
// array rather than main's envp parameter.
char *apt_envp[] = {"PATH=/bin:/usr/bin", NULL, NULL};
// Set the HOME environment variable
// Look up the passwd entry of the effective uid; its pw_dir, pw_gid and
// pw_uid fields are used further down.
// NOTE(review): getpwuid() returns NULL and leaves errno unchanged when no
// entry exists, so the strerror(errno) in the error message below can report
// a stale value unless errno is set to 0 before this call. Not every line
// around the call is visible in this excerpt -- confirm.
struct passwd *pwd = getpwuid(geteuid());
fprintf(stderr, "error: Unable to find passwd entry for uid %d (%s)\n",
geteuid(), strerror(errno));
if (asprintf(&apt_envp[1], "HOME=%s", pwd->pw_dir) == -1) {
perror("error: Unable to create HOME environment variable");
// Drop any supplementary group
if (setgroups(0, NULL) == -1) {
perror("error: Unable to set supplementary groups IDs");
// Set real/effective gid and uid
if (setregid(pwd->pw_gid, pwd->pw_gid) == -1) {
fprintf(stderr, "error: Unable to set real and effective gid (%s)\n",
// Set both the real and the effective uid to the uid of the passwd entry
// that was looked up from geteuid() above. The uid change comes last, after
// setgroups() and setregid(): the group calls need privilege that a uid
// change can take away. A failure is reported with perror(); what follows
// the message is not visible in this excerpt.
if (setreuid(pwd->pw_uid, pwd->pw_uid) == -1) {
perror("error: Unable to set real and effective uid");
// Close all file descriptors except the standard ones
if (getrlimit(RLIMIT_NOFILE, &rlp) == -1) {
perror("error: Unable to determine file descriptor limits");
// Chooses the upper bound for the descriptor-closing loop below from the
// hard RLIMIT_NOFILE limit. The statement that runs when the limit is
// unlimited or above 4096 is not visible in this excerpt.
// NOTE(review): if that branch caps the bound at 4096, a descriptor numbered
// 4096 or higher that was inherited from the caller would stay open across
// execve() -- confirm against the full file.
if (rlp.rlim_max == RLIM_INFINITY || rlp.rlim_max > 4096)
file_max = rlp.rlim_max;
for (file = 3; file < file_max; file++) {
umask(S_IWGRP | S_IWOTH);
if (chdir("/") == -1) {
perror("error: Unable to change working directory");
// Replace this process with apt-get, using the absolute path and fixed
// argument list in apt_argv and the environment built in apt_envp; main's
// own argv and envp are not forwarded by this call. execve() returns only on
// failure, which is why the perror() on the next line is unconditional.
execve(apt_argv[0], apt_argv, apt_envp);
perror("error: Unable to execute apt-get");