https://github.com/sweetbbak/doit

A sudo / doas clone that instantly deletes itself after one use lol. Use at your own risk. Setuid binaries can be risky.
https://github.com/sweetbbak/doit

Last synced: 2 months ago
JSON representation

A sudo / doas clone that instantly deletes itself after one use lol. Use at your own risk. Setuid binaries can be risky.

• Host: GitHub
• URL: https://github.com/sweetbbak/doit
• Owner: sweetbbak
• Created: 2023-11-28T02:17:43.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2023-11-28T03:42:04.000Z (over 1 year ago)
• Last Synced: 2025-02-05T03:01:46.941Z (4 months ago)
• Language: Go
• Size: 5.86 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        




  



## What? and Why?

a setuid binary that allows you to run a single command as root before it deletes itself

idk why I thought'd it be funny tho. I was thinking about security and stuff and this

came to mind.

Then I was wondering if there was a "disposable" sudo binary that was a one time use, or

one that could give you very very limited commands that are able to run. Mainly because

working around user space operations that need root are just annoying.

maybe you could make a custom binary with `just` and allow-list a single command, like

`chroot` or something, let a process use it for just what it needs and then it silently

deletes itself. Not practical probably but I kinda like the idea of a `disposable` and

limited scope binary that you constantly generate and use as needed.

Im also curious if you could download a `tar` ball with setuid binaries in it and have

root on that machine. Probably not right? but also why not? 

## Examples

```bash

  ./doit whoami # root

  ls            # . .. --> binary deleted itself lol

```

## Installation

Build from source

```bash

go build

chown root:root doit

chmod u+s doit

# or

just

```

## Features

doit as root, but only once lol

## Allow listing

* Experimental

edit the just file under `allows` and add commands you want to allow list like:

`go build -ldflags "-s -w -X main.build_allow=true -X main.allow1=env -X main.allow2=chroot"`

up to allow5. You obviously wouldn't want to allow `env` since you can run anything using that.

it is "smart" to pack the binary with `upx` before chmod + chown-ing it.

```bash

just allows

```

please dont use this for anything serious, I am really just messing around here.