
A sudo / doas clone that instantly deletes itself after one use lol. Use at your own risk. Setuid binaries can be risky.

Primary LanguageGo

What? and Why?

a setuid binary that allows you to run a single command as root before it deletes itself idk why I thought'd it be funny tho. I was thinking about security and stuff and this came to mind.

Then I was wondering if there was a "disposable" sudo binary that was a one time use, or one that could give you very very limited commands that are able to run. Mainly because working around user space operations that need root are just annoying.

maybe you could make a custom binary with just and allow-list a single command, like chroot or something, let a process use it for just what it needs and then it silently deletes itself. Not practical probably but I kinda like the idea of a disposable and limited scope binary that you constantly generate and use as needed.

Im also curious if you could download a tar ball with setuid binaries in it and have root on that machine. Probably not right? but also why not?


  ./doit whoami # root
  ls            # . .. --> binary deleted itself lol


Build from source

go build
chown root:root doit
chmod u+s doit
# or


doit as root, but only once lol

Allow listing

  • Experimental

edit the just file under allows and add commands you want to allow list like: go build -ldflags "-s -w -X main.build_allow=true -X main.allow1=env -X main.allow2=chroot" up to allow5. You obviously wouldn't want to allow env since you can run anything using that. it is "smart" to pack the binary with upx before chmod + chown-ing it.

just allows

please dont use this for anything serious, I am really just messing around here.