
c - Executable has root suid set, but access(path, W_OK) still returns -1?

Repost. Author: 太空宇宙. Updated: 2023-11-04 06:21:04

Why does access(path, W_OK) still return -1 even though the executable has the root suid bit set?

Code:

#include <stdio.h>
#include <unistd.h>

int main(void)
{
    /* access() returns 0 if the write check passes, -1 otherwise */
    printf("privilege => %d\n", access("/usr/local/etc/t.conf", W_OK));
    return 0;
}

Test run:

[www@mypy access]$ ll
总用量 12
-rwsrwxr-x. 1 root root 6600 1月 22 10:05 access
-rw-rw-r--. 1 www www 135 1月 22 10:05 access.c

[www@mypy access]$ ./access
privilege => -1

[root@mypy access]# ./access
privilege => 0

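Best answer

The access library function deliberately checks the access permissions of the real user, ignoring the fact that the executable has a different effective UID/GID.

If you only want to know whether read or write access is possible, you can open the file and see whether there is an error. However, careful setuid executables usually want to know whether the real user would be able to perform an operation on the file. To find out, they can use the access library function.

This is explained in man 2 access: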

The check is done using the calling process's real UID and GID, rather than the effective IDs as is done when actually attempting an operation (e.g., open(2)) on the file.…

This allows set-user-ID programs and capability-endowed programs to easily determine the invoking user's authority. In other words, access() does not answer the "can I read/write/execute this file?" question. It answers a slightly different question: "(assuming I'm a setuid binary) can the user who invoked me read/write/execute this file?", which gives set-user-ID programs the possibility to prevent malicious users from causing them to read files which users shouldn't be able to read.
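
Added example (not part of the original question or answer): a C program that puts the real-ID check, the effective-ID check and an actual open() side by side for one path. The names check_write and struct write_check are this example's own; the default path is the one from the question.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Each field is 0 (allowed) or -1 (denied), following access()'s convention. */
struct write_check {
    int real;      /* access(): judged with the real UID/GID */
    int effective; /* faccessat(AT_EACCESS): judged with the effective UID/GID */
    int opened;    /* open(O_WRONLY): what the kernel actually permits */
};

struct write_check check_write(const char *path)
{
    struct write_check r;

    r.real = access(path, W_OK);
    r.effective = faccessat(AT_FDCWD, path, W_OK, AT_EACCESS);

    /* No O_CREAT or O_TRUNC, so the file is neither created nor modified. */
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    r.opened = (fd >= 0) ? 0 : -1;
    if (fd >= 0)
        close(fd);
    return r;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/local/etc/t.conf";
    struct write_check r = check_write(path);

    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    printf("access(W_OK)          => %d\n", r.real);
    printf("faccessat(AT_EACCESS) => %d\n", r.effective);
    printf("open(O_WRONLY)        => %d\n", r.opened);
    return 0;
}
```

Because the file can change between an access() check and a later open(), a setuid program that needs the invoking user's authority is on firmer ground doing the open itself with its effective IDs temporarily set to the real ones.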

Regarding "c - Executable has root suid set, but access(path, W_OK) still returns -1?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/34937917/
