
c - Effective UID has no effect on the kill command

Repost. Author: 太空宇宙. Updated: 2023-11-03 23:26:48

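I am trying to understand user IDs and effective user IDs. When I switch to a user (apache in this example), I can still send a SIGKILL signal to a program running under the root UID.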

Sample output:

[root@devserv ~]# ./testsuid
Real UID = 0
Effective UID = 0
Real GID = 0
Effective GID = 0


Real UID = 0
Effective UID = 102
Real GID = 0
Effective GID = 501


Real UID = 0
Effective UID = 0
Real GID = 0
Effective GID = 0

Here is the code I am executing:

[root@devserv ~]# cat test.c
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/file.h>

static uid_t euid, ruid;
static gid_t egid, rgid;

/* Switch the effective IDs to the unprivileged user and group.
 * The real IDs are left at 0. */
void do_setuid (void) {
    int statusgid;
    int statusuid;

#ifdef _POSIX_SAVED_IDS
    /* Group first: changing it needs the still-privileged effective UID. */
    statusgid = setegid (egid);
    statusuid = seteuid (euid);
#else
    statusgid = setregid (rgid, egid);
    statusuid = setreuid (ruid, euid);
#endif
    if (statusuid < 0) {
        fprintf (stderr, "Couldn't set uid.\n");
        exit (EXIT_FAILURE);
    }
    if (statusgid < 0) {
        fprintf (stderr, "Couldn't set gid.\n");
        exit (EXIT_FAILURE);
    }
}


/* Switch the effective IDs back to the real IDs. */
void undo_setuid (void) {
    int statusuid;
    int statusgid;

#ifdef _POSIX_SAVED_IDS
    /* User first: the effective UID must be 0 again before the group changes. */
    statusuid = seteuid (ruid);
    statusgid = setegid (rgid);
#else
    statusuid = setreuid (euid, ruid);
    statusgid = setregid (egid, rgid);
#endif
    if (statusuid < 0) {
        fprintf (stderr, "Couldn't set uid.\n");
        exit (EXIT_FAILURE);
    }
    if (statusgid < 0) {
        fprintf (stderr, "Couldn't set gid.\n");
        exit (EXIT_FAILURE);
    }
}


int main(void)
{
    ruid = 0;
    euid = 102;
    rgid = 0;
    egid = 501;
    undo_setuid ();

    printf("Real UID\t= %d\n", (int) getuid());
    printf("Effective UID\t= %d\n", (int) geteuid());
    printf("Real GID\t= %d\n", (int) getgid());
    printf("Effective GID\t= %d\n", (int) getegid());

    do_setuid ();

    printf("\n\nReal UID\t= %d\n", (int) getuid());
    printf("Effective UID\t= %d\n", (int) geteuid());
    printf("Real GID\t= %d\n", (int) getgid());
    printf("Effective GID\t= %d\n", (int) getegid());

    /* Sent while the effective UID is 102 but the real UID is still 0. */
    if (kill(27279, SIGKILL) < 0)
        perror("kill");

    undo_setuid();

    printf("\n\nReal UID\t= %d\n", (int) getuid());
    printf("Effective UID\t= %d\n", (int) geteuid());
    printf("Real GID\t= %d\n", (int) getgid());
    printf("Effective GID\t= %d\n", (int) getegid());


    return EXIT_SUCCESS;
}

strace output for my nano process:

[root@devserv ~]# strace -p 27279
Process 27279 attached - interrupt to quit
read(0, <unfinished ...>
+++ killed by SIGKILL +++

Now the question is:

How can a process with an effective UID of 102 kill a process running as root?

Best answer

From man 2 kill (emphasis mine):

For a process to have permission to send a signal it must either be privileged (under Linux: have the CAP_KILL capability), or the real or effective user ID of the sending process must equal the real or saved set-user-ID of the target process.

In other words, even though the effective UID is 102, its real UID is still 0, so it is able to send SIGKILL to the root process.
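
The permission rule quoted in the answer, modelled as an added example (not code from the original post or from the kernel). `may_signal` and `read_ids` are hypothetical helper names, `read_ids` assumes Linux's `/proc/<pid>/status` layout, and the sender is assumed to hold no CAP_KILL once its effective UID is nonzero.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t ruid, euid, suid; }; /* real, effective, saved set-user-ID */

/* Rule from kill(2): privileged (CAP_KILL), or the sender's real or
 * effective UID equals the target's real or saved set-user-ID. */
bool may_signal(struct ids sender, bool cap_kill, struct ids target)
{
    return cap_kill ||
           sender.ruid == target.ruid || sender.ruid == target.suid ||
           sender.euid == target.ruid || sender.euid == target.suid;
}

/* Assumes Linux: parse the "Uid:" line (real, effective, saved, fs) of
 * /proc/<pid>/status. Returns 0 on success, -1 if it cannot be read. */
int read_ids(pid_t pid, struct ids *out)
{
    char path[64], line[256];
    unsigned int r, e, s;
    int rc = -1;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f) != NULL) {
        if (sscanf(line, "Uid: %u %u %u", &r, &e, &s) == 3) {
            *out = (struct ids){ r, e, s };
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    struct ids root = {0, 0, 0};          /* target running as root (constructed) */
    struct ids page = {0, 102, 0};        /* sender after seteuid(102), as in the question */
    struct ids dropped = {102, 102, 102}; /* sender after setresuid(102, 102, 102) */
    struct ids self;
    printf("only euid changed: %d\n", may_signal(page, false, root));
    printf("all three changed: %d\n", may_signal(dropped, false, root));
    if (read_ids(getpid(), &self) == 0)
        printf("self: r=%u e=%u s=%u\n", (unsigned)self.ruid, (unsigned)self.euid, (unsigned)self.suid);
    return 0;
}
```

A privilege drop that should also remove the ability to signal root's processes has to change the real and saved UIDs as well, not only the effective UID.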

Regarding "c - Effective UID has no effect on the kill command", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/25245872/
