@laurivosandi
Last active November 13, 2017 13:22
Illustrative and probably very buggy example of what su essentially does
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <string.h>
#include <crypt.h>

/**
 * Illustrative and probably very buggy example of what su essentially does
 *
 * To compile run: gcc switcharoo.c -o switcharoo -l crypt
 * Set permissions: sudo chown root:root switcharoo
 * Set suid bit: sudo chmod 4755 switcharoo
 */
int main(int argc, char** argv) {
    char *password = getpass("Password:");
    if (password == NULL) {
        perror("getpass");
        return 255;
    }

    // /etc/shadow is not readable by ordinary users; the suid bit gives us effective UID 0
    FILE *fh = fopen("/etc/shadow", "r");
    if (fh == NULL) {
        perror("/etc/shadow");
        return 255;
    }
    char line[200];
    char *got = fgets(line, sizeof line, fh); // read first line, usually corresponds to root user
    fclose(fh);
    if (got == NULL) {
        fputs("Could not read /etc/shadow\n", stderr);
        return 255;
    }

    char *username = strtok(line, ":"); // extract first column
    char *hash = strtok(NULL, ":"); // extract second column (note: strtok skips empty columns)
    if (username == NULL || hash == NULL) {
        fputs("Malformed line in /etc/shadow\n", stderr);
        return 255;
    }
    printf("Hash from /etc/shadow is: %s\n", hash);

    char *result = crypt(password, hash); // calculate hash with salt from /etc/shadow
    if (result == NULL) { // crypt() can fail, e.g. when the field holds no usable salt
        puts("Access denied.");
        return 255;
    }
    printf("User supplied password results in hash: %s\n", result);
    int ok = strcmp(result, hash) == 0; // compare hashes
    puts(ok ? "Access granted." : "Access denied.");
    if (ok) {
        printf("UID before setuid: %d\n", getuid());
        printf("Effective UID before setuid: %d\n", geteuid());
        if (setuid(0) != 0) { // set actual UID to 0, and stop if that fails
            perror("setuid");
            return 255;
        }
        printf("UID after setuid: %d\n", getuid());
        printf("Effective UID after setuid: %d\n", geteuid());
        system("bash"); // execute new shell with root permissions
        return 0;
    } else {
        return 255;
    }
}
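
The gist reads only the first line of /etc/shadow and splits it with strtok(). The block below is an added example, not part of the original gist: it looks an account up by name and keeps empty columns intact, so a locked or password-less entry is recognised before anything is passed to crypt(). The names `shadow_lookup`, `shadow_state` and `SAMPLE` are assumptions made for this illustration, and the sample entries are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Result of looking up one account in shadow(5)-formatted text. */
enum shadow_state { SH_NOT_FOUND, SH_MALFORMED, SH_EMPTY, SH_LOCKED, SH_HASH };

/* Copy the password field of `user` into out. Columns are split with memchr(),
 * so an empty column stays empty; strtok() would skip it and return the
 * following column (the last-change date) as if it were the hash. */
enum shadow_state shadow_lookup(const char *text, const char *user,
                                char *out, size_t outlen) {
    size_t ulen = strlen(user);
    for (const char *line = text; *line != '\0'; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *c1 = memchr(line, ':', len);
        if (c1 && (size_t)(c1 - line) == ulen && memcmp(line, user, ulen) == 0) {
            const char *field = c1 + 1;
            const char *c2 = memchr(field, ':', len - (size_t)(field - line));
            if (c2 == NULL) return SH_MALFORMED;     /* no second column */
            size_t flen = (size_t)(c2 - field);
            if (flen >= outlen) return SH_MALFORMED; /* would not fit in out */
            memcpy(out, field, flen);
            out[flen] = '\0';
            if (flen == 0) return SH_EMPTY;          /* no password set */
            if (out[0] == '!' || out[0] == '*') return SH_LOCKED;
            return SH_HASH;
        }
        line = eol ? eol + 1 : line + len;
    }
    return SH_NOT_FOUND;
}

/* Constructed sample entries; the hash string is a placeholder, not a real hash. */
static const char SAMPLE[] =
    "root:!:19000:0:99999:7:::\n"
    "daemon:*:19000:0:99999:7:::\n"
    "guest::19000:0:99999:7:::\n"
    "alice:$6$examplesalt$CONSTRUCTEDHASH:19000:0:99999:7:::\n"
    "eve:cut-off-entry\n";

int main(void) {
    const char *users[] = { "root", "guest", "alice", "eve", "bob" };
    char field[256];
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-5s -> state %d\n", users[i],
               shadow_lookup(SAMPLE, users[i], field, sizeof field));
    return 0;
}
```

Only an `SH_HASH` result should go on to crypt() and the comparison; every other state is a denial.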