程序是
#define _XOPEN_SOURCE 600
#undef NDEBUG
#include <assert.h>
#include <stdio.h>
#include <unistd.h>
int main()
{
int status = seteuid(0);
assert(status == 0);
printf("uid=%d, euid=%d\n", getuid(), geteuid());
char* cmdVec[] = {"sh", "script"};
status = execvp(cmdVec[0], cmdVec);
}
,由root和setuid拥有:
$ ls -l a.out
-rwsrwsr-x. 1 root steve 8760 Mar 21 14:06 a.out
脚本是
echo "euid=`id -u`"
程序执行脚本时,有效的用户ID从root更改为non-root:
$ ./a.out
uid=1000, euid=0
euid=1000
$
我的平台是
$ uname -a
Linux gilda 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
$
特权程序如何执行特权shell以执行具有特权的脚本?