将setuid位设置为on后无法加载程序 [英] Program can't load after setting the setuid bit on
问题描述
请考虑这种情况,其中可执行文件A.bin使用libY.so和libZ.so. A.c,Y.c和Z.c均用C编写. Z.c和Y.c被编译成各自的.so文件.
Consider this scenario in which an executable A.bin uses libY.so and libZ.so. A.c, Y.c and Z.c are all written in C. Z.c and Y.c are compiled into respective .so files.
这是文件的目录结构
$ home/bin/A.bin $ home/lib/libY.so $ home/lib/libZ.so
$home/bin/A.bin $home/lib/libY.so $home/lib/libZ.so
当我以普通用户身份运行A.bin时,A.bin正常运行. 注意:$ LD_LIBRARY_PATH包含$ home/lib
When I run A.bin as normal user, A.bin runs normally as expected. Note: $LD_LIBRARY_PATH contains $home/lib
我在A.c中更改了一些代码,添加了一些需要管理员权限的功能(例如绑定到小于1000的端口). 我将A.bin,libY.so和libZ.so的setuid位设置为rwsrwsrws,并将文件的所有权更改为root.当我尝试运行A.bin时,出现以下错误
I changed some code in A.c adding some functionality which needs admin privileges(like binding to a port less than 1000). I set the setuid bit for A.bin, libY.so and libZ.so to rwsrwsrws, and change the ownership of the files to root. When I try to run A.bin, I get the following error
ld.so.1:A.bin:致命:libY.so:打开失败:没有这样的文件或目录 被杀死
ld.so.1: A.bin: fatal: libY.so: open failed: No such file or directory Killed
当我仅从所有这些文件中删除setuid权限时,二进制文件将运行,但该功能在需要root特权的地方会失败.
When I just remove the setuid permission from all those files, then the binary runs except for the functionality fails where it needs root privileges.
如何克服这个问题?
操作系统为Solaris 5.10
The OS is Solaris 5.10
推荐答案
正如AProgrammer所说,在执行setuid程序时,$ LD_LIBRARY_PATH被忽略.因此,链接时必须使用此标志将路径硬编码到可执行文件本身中
As AProgrammer said, while executing setuid programs, $LD_LIBRARY_PATH is ignored. Hence the path has to be hardcoded in the executable itself using this flag while linking
gcc -R $ home/lib
gcc -R $home/lib
-R标志将运行时搜索路径列表构建为可执行文件.
The -R flag builds runtime search path list into executable.
参考: http://www.justskins.com/forums/loading-shared-libraries-from-a-setuid-program-116597.html
这篇关于将setuid位设置为on后无法加载程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
