为什么执行系统调用可以在运行时以"/bin/sh"运行?没有任何argv参数,但不是"/bin/ls"? [英] Why can the execve system call run "/bin/sh" without any argv arguments, but not "/bin/ls"?
问题描述
我对__NR_execve
的系统调用感到困惑.当我学习linux系统时调用.我知道使用execve
的正确方法是这样的:
I am confused with the syscall of __NR_execve
. When I learn linux system call. The correct way that I know to use execve
is like this:
char *sc[2];
sc[0]="/bin/sh";
sc[1]= NULL;
execve(sc[0],sc,NULL);
然后,函数execve
将调用syscall()
进入系统内核,并将参数放在寄存器EAX
,EBX
,ECX
和EDX
上.但是,如果我使用
Then the function execve
will call syscall()
to get into system kernel with putting the arguments on Registers EAX
, EBX
, ECX
and EDX
. However, It still succeed if I use
execve("/bin/sh",NULL,NULL);
但是如果我将"/bin/sh"
替换为"/bin/ls"
,它将失败并显示:
But if I replace "/bin/sh"
with "/bin/ls"
,it fail with:
A NULL argv[0] was passed through an exec system call.
我想知道为什么"/bin/sh"
在没有足够参数的情况下可以成功执行,而"/bin/ls"
却失败了吗?
I wonder why "/bin/sh"
can be executed successfully without enough parameters while "/bin/ls"
fail?
推荐答案
这不是内核问题,无论argv
和envp
是否为NULL
,内核都将运行execve的filename
arg,它只是argv[0]
指向程序名称的Unix约定.
This is not a kernel issues, kernel will run filename
arg of execve regardless of argv
and envp
are NULL
or not, it is just a unix convention that argv[0]
points to the program name.
您看到的只是正常现象,没有错.因为ls
是GNU coreutils的一部分,并且coreutils程序包中的所有程序都调用set_program_name
进行一些设置工作,所以您可以在源代码中看到它检查argv[0]
是否为NULL,然后它将调用abort
.几时.
另一方面,/bin/sh
显然是一个不属于coreutils的程序,并且不针对argv[0]
进行检查,因此它可以毫无问题地运行.
And what's you saw is just normal, nothing is wrong. Because ls
is part of GNU's coreutils, and all programs in the coreutils package call set_program_name
to do some setup work, you can see in the source, it checks whether argv[0]
if NULL, and it will call abort
when it is.
On the other hand, /bin/sh
is apparently a program that does not belong to coreutils, and does not check against argv[0]
, that's why it run without the problem.
请参阅源代码:
http://git.savannah. gnu.org/cgit/coreutils.git/tree/src/ls.c#n1285
http://git.savannah. gnu.org/cgit/gnulib.git/tree/lib/progname.c#n51
这篇关于为什么执行系统调用可以在运行时以"/bin/sh"运行?没有任何argv参数,但不是"/bin/ls"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!