setuid()失败-不允许操作 [英] setuid() failing - operation not permitted
问题描述
changeIDs()试图使用setuid()更改有效的用户ID 但总是出错,我不确定为什么.
changeIDs() is trying to use setuid() to change the effective user id but it always errors out and I'm not sure why.
我在计算机上有两个用户.用户是UID为1000的管理员.另一个标准用户(用户2)的UID为1001.
I have two users on computer. user is an admin with UID of 1000. The other standard user, user 2, has a UID of 1001.
我想使用此程序将user2的有效UID设置为user1的有效UID(1000).为什么setuid()不断出错?
I want to use this program to set user2's effective UID to that of user1 (1000). Why does setuid() keep erroring?
我确保也可以在程序可执行文件上运行chmod u + s,但仍然失败.
I made sure to run chmod u+s on the program executable as well and it still fails.
带有setuid()的错误-errno:不允许操作
另外,您知道为什么我的短弦中的E in会中断吗?
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <getopt.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <errno.h>
void getArguments(int argc, char **argv);
void displayIDs();
void changeID(int userid);
int main(int argc, char **argv)
{
getArguments(argc, argv);
return 0;
}
/*
* The program accepts an option of "c" followed by a numeric user id.
* When executing the program with the c option followed by a user id,
* the system displays the real, effective, and saved set user id,
* then attempts to change the effective user id to the numeric user
* id passed into the application, and then displays the real,
* effective, and saved set user id. (20 pts)
*/
void changeID(int userid)
{
printf("Original IDs:\n==================\n");
displayIDs();
uid_t newid = (uid_t)userid;
//pass the id var as references as outlined in the setuid() man pages
//error check, fail returns -1
/*
if(setresuid(&newid, &newid, &newid) == -1)
{
perror("Error with setuid() - errno " + errno);
}
*/
if(setuid(&newid) == -1)
{
perror("Error with setuid() - errno " + errno);
}
printf("\n(Attempted) Changed IDs:\n==================\n");
displayIDs();
}
/*
* The program accepts an option of "g."
* When executing the program with the g option,
* the system displays the real, effective,
* and saved set user id. (10 pts)
*/
void displayIDs()
{
uid_t ruid;//real user id
uid_t euid;//effective user id
uid_t suid;//saved set id
//pass the id vars as references as outlined in the getresuid() man pages
//error check, fail returns -1
if ( getresuid(&ruid, &euid, &suid) == -1)
{
perror("Error with getresuid() - errno " + errno);
}
printf("Real User ID: %d\n", ruid);
printf("Effective User ID: %d\n", euid);
printf("Saved Set User ID: %d\n", suid);
}
//get the arguments from the command line and pass it into the program, calling the right function
void getArguments(int argc, char **argv)
{
int option = 0;
while ((option = getopt(argc, argv, "gc:")) != -1)
{
switch (option)
{
case 'g' :
displayIDs();
break;
case 'c' :
changeID(optarg);
break;
case '?' :
printf("Invalid argument\n");
break;
default:
printf("Invalid - no argument (g or c)\n");
break;
}
}
}
推荐答案
带有setuid()的错误-errno:不允许操作
另外,您知道为什么我的短弦中的E in会中断吗?
这是因为您传递了perror()
"Error with setuid() - errno " + errno
,它等效于&"Error with setuid() - errno "[errno]
,该值(由于errno
等于1)等于字符串的第二个char
的地址.
您似乎习惯了使用串联运算符+
的语言,而在C语言中则不是这种情况.
This is because you pass perror()
"Error with setuid() - errno " + errno
, which is equivalent to &"Error with setuid() - errno "[errno]
, which is (since errno
equals 1) equal to the address of the second char
of the string.
You seem to be used to a language with a concatenation operator +
, which is not the case in C.
这篇关于setuid()失败-不允许操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!