Atlas - rootGuard.c
Home / lib / rootGuard Lines: 5 | Size: 3814 bytes [Download] [Show on GitHub] [Search similar files] [Raw] [Raw (proxy)][FILE BEGIN]1/* SPDX-License-Identifier: GPL-3.0 2 * Root Guard 3 * 4 * Root Guard is a simple library to quickly inject a root user check into 5 * C/C++ sbin programs. It does several checks to determine if the program 6 * is being run by the root user or even by a user with root privileges. 7 * 8 * Since just checking the UID isnt always enough, Root Guard performs 9 * multiple checks including: 10 * - The UID check 11 * - Checking access to /etc/shadow 12 * - Checking access to the root directory 13 * - I plan on adding /proc checks in the future 14 * 15 * COPYRIGHT NOTICE 16 * Copyright (C) 2025-2026 0x4248 and contributors 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the license is not changed. 19 * 20 * This software is free and open source. Licensed under the GNU general 21 * public license version 3.0 as published by the Free Software Foundation. 22*/ 23 24#include "rootGuard.h" 25#include "checks.h" 26#include <stdio.h> 27#include <stdlib.h> 28#include <string.h> 29 30#include <sys/types.h> 31#include <sys/wait.h> 32#include <errno.h> 33#include <unistd.h> 34 35int rootGaurd_check() { 36 int passing_checks = 0; 37 int checks_total = 2; /* Excludes the UUID checks */ 38 39 if (root_uuid_check() == RG_TP) { 40 /* Why stop here? Well here we assume that you are just root and no 41 * other checks are needed here 42 */ 43 return RG_OK; 44 } 45 46 if (shadow_file_check() == RG_TP) { 47 passing_checks++; 48 } 49 50 if (root_dir_check() == RG_TP) { 51 passing_checks++; 52 } 53 54 if (passing_checks == checks_total) { 55 /* All checks indicate root access, we can pass this on to the calling 56 program as a okay to handle */ 57 return RG_OK; 58 } 59 else if (passing_checks > 0) { 60 /* Looks like they have root privileges or some kind of root access, we 61 are going to semi pass this time to that the calling program can 62 decide what to do */ 63 return RG_SEMI_PASS; 64 } 65 return RG_VIOLATION; 66} 67 68int rootGaurd_perform_checks(int silent) 69{ 70 71 int ret = rootGaurd_check(); 72 if (ret == RG_OK) { 73 return RG_OK; 74 } 75 else if (ret == RG_SEMI_PASS) { 76 return RG_SEMI_PASS; 77 } 78 79 else if (ret == RG_VIOLATION) { 80 if (!silent){ 81 printf("[ rootGuard ] RootGuard has performed several checks and found no\n"); 82 printf(" indication of root access. Please run this program\n"); 83 printf(" as root or with elevated privileges.\n"); 84 } 85 86 return RG_VIOLATION; 87 } 88} 89 90int main(int argc, char *argv[]){ 91 int ret; 92 ret = rootGaurd_perform_checks(0); 93 if (ret != RG_OK){ 94 return -1; 95 } else { 96 // So we passed, now run what was in the argv 97 98 if (argc < 2){ 99 if (!ret){ 100 printf("No command provided to run as root.\n"); 101 } 102 return -1; 103 } 104 // build command 105 char command[1024] = {0}; 106 for (int i = 1; i < argc; i++){ 107 strcat(command, argv[i]); 108 if (i != argc -1){ 109 strcat(command, " "); 110 } 111 } 112 pid_t pid = fork(); 113 if (pid == 0) { 114 /* child: exec the requested command */ 115 execvp(argv[1], &argv[1]); 116 perror("execvp"); /* only reached on error */ 117 _exit(127); 118 } else if (pid > 0) { 119 /* parent: wait for child and return child's exit status */ 120 int status; 121 if (waitpid(pid, &status, 0) == -1) { 122 perror("waitpid"); 123 return -1; 124 } 125 if (WIFEXITED(status)) return WEXITSTATUS(status); 126 return -1; 127 } else { 128 perror("fork"); 129 return -1; 130 } 131 } 132}[FILE END](C) 2025 0x4248 (C) 2025 4248 Media and 4248 Systems, All part of 0x4248 See LICENCE files for more information. Not all files are by 0x4248 always check Licencing.