Can't generate core file after changing user from root to nobody in C language
Problem description
After changing user from root to nobody in C language, I am sure the program core dumps, but it always fails to generate a core file. I'm sure nobody has the right to generate files in the current dir, and ulimit -c is unlimited, and I use:
system("echo 'tesstestestestestetestestet!!!!!!' > hahahahhaahahah");
After changing user from root to nobody, the file hahahahhaahahah was created!
So, I'm very confused!
Here is my C file:
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>

int main()
{
#if 1
    struct passwd *pw;
    //char *username = "root";
    char *username = "nobody";
    if (getuid() == 0 || geteuid() == 0)
    {
        if (username == 0 || *username == '\0')
        {
            fprintf(stderr, "can't run as root without the -u switch\n");
            exit(-1);
        }
        if ((pw = getpwnam(username)) == NULL)
        {
            fprintf(stderr, "can't find the user %s to switch to\n", username);
            exit(-1);
        }
        if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
        {
            fprintf(stderr, "failed to assume identity of user %s\n", username);
            exit(-1);
        }
    }
#endif
    printf("now user change to group id %d, user id %d\n", getgid(), getuid());
    system("echo 'tesstestestestestetestestet!!!!!!' > hahahahhaahahah");
    char *test_a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    char *test_b;
    strcpy(test_b, test_a);
    *(char *)1=1;
    printf("test_b:%s\n", test_b);
}
Solution
Read carefully the core(5) man page:
There are various circumstances in which a core dump file is not produced:
.... skipping some text from the man page ....
- The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) ID of the process.
So basically, after a successful setuid(2) syscall, core is not dumped (for security reasons).
See also the Linux-specific prctl(2) syscall, with PR_SET_DUMPABLE. Read also http://advancedlinuxprogramming.com/
NB. Having a nobody-writable directory is probably a bad idea. The nobody user should usually not own any file or directory!
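An added example (not part of the original answer) of the prctl(2) approach the answer points to: drop from root to an unprivileged user, then set PR_SET_DUMPABLE again, because the kernel resets that flag to the value of fs.suid_dumpable (0 by default) when the effective UID changes. The helper names dumpable_state, enable_core_dumps and drop_to_user are made up for this illustration.

```c
#define _GNU_SOURCE /* for setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 = core dumps allowed, 0 = suppressed. */
int dumpable_state(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Hypothetical helper: raise the soft core limit to the hard limit and
 * mark the process dumpable again. Returns the new state, or -1. */
int enable_core_dumps(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) == 0) {
        rl.rlim_cur = rl.rlim_max;
        (void)setrlimit(RLIMIT_CORE, &rl);
    }
    if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
        return -1;
    return dumpable_state();
}

/* Hypothetical helper: drop root to `username`, then restore the flag the
 * kernel cleared. Returns 0 on success (or if not root), -1 on error. */
int drop_to_user(const char *username)
{
    struct passwd *pw;
    if (geteuid() != 0)
        return 0;
    if ((pw = getpwnam(username)) == NULL)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
        return -1;
    return enable_core_dumps() == 1 ? 0 : -1;
}

int main(void)
{
    if (drop_to_user("nobody") < 0) {
        perror("drop_to_user");
        return 1;
    }
    printf("uid=%d dumpable=%d\n", (int)getuid(), dumpable_state());
    return 0;
}
```

A dumpable process can be traced by other processes running as the same user, and its core file may hold data read while it was still root, so re-enable dumps only where that exposure is acceptable.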