gpt4 book ai didi

linux - 为什么 ping 可以从用户运行,但不能作为 root 运行?为什么 root 不能加载现有的库,而用户可以?

转载 作者:塔克拉玛干 更新时间:2023-11-03 00:35:45 29 4
gpt4 key购买 nike

<分区>

我发现,ping 在以用户身份运行时有效,但在成为 root 时无效。问题是,当 beeing root 时,LD 不会加载/lib64/libnss_dns.so.2 库,它会出现 EACCESS 错误。

当我从 root 运行 ping 时:

root# ping -c1 localhost
ping: unknown host localhost

这是因为:

root# strace ping -c1 localhost 
....
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib64/tls/x86_64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
stat("/lib64/tls/x86_64", 0x7fffa619da70) = -1 EACCES (Permission denied)
open("/lib64/tls/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
stat("/lib64/tls", 0x7fffa619da70) = -1 EACCES (Permission denied)
open("/lib64/x86_64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
stat("/lib64/x86_64", 0x7fffa619da70) = -1 EACCES (Permission denied)
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
stat("/lib64", {st_mode=S_IFDIR|0655, st_size=4096, ...}) = 0

不用担心。/lib64/libnss_files.so.2 存在于我的系统中:

# ls -la /lib64/libnss_files.so.2
lrwxrwxrwx 1 root root 20 2015-08-19 /lib64/libnss_files.so.2 -> libnss_files-2.15.so
$ ls -la /lib64/libnss_files-2.15.so
-rwxr-xr-x 1 root root 62418 2012-07-16 /lib64/libnss_files-2.15.so

当以用户身份运行时,ping 工作正常:

user# ping -c1 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.038 ms

--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.038/0.038/0.038/0.000 ms
user# strace ping -c1 localhost
...
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
...

如果我执行 LD_PRELOAD libnss_files.so.2,那么 ping 从 root 运行(为什么?):

root# LD_PRELOAD=/lib64/libnss_files.so.2 ping -c1 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.043 ms

--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms

此系统 ping 具有 setuid:

# ls -la /usr/bin/ping
-rwsr-sr-x 1 root root 40000 2012-07-16 /usr/bin/ping

这怎么可能?为什么 root 在加载库时会出现 EACCES 错误,而用户加载它们却没有问题?为什么 LD_PRELOAD 对带有 setuid 的二进制文件有影响?如果从 root 运行,LD_PRELOAD 是否会对带有 setuid 的二进制文件产生影响?

我用脚本记录了 LD_DEBUG=all ping -c1 localhoststrace -f ping -c1 localhost 从用户和 root 运行的输出:

script.user.txt

script.root.txt

系统比较旧:

# uname -a
Linux gucio 3.4.6-2.10-desktop #1 SMP PREEMPT Thu Jul 26 09:36:26 UTC 2012 (641c197) x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/SuSE-release
openSUSE 12.2 (x86_64)
VERSION = 12.2
CODENAME = Mantis
$ ping -V
ping utility, iputils-sss20101006

本系统中没有SELinux。本系统中有AppArmor。

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com