I saw an article today that mentions the following:

"We've found many errors over the years. One of the absolute best was the following in the X Window System:
if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); }
It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compares the address of geteuid to 0; given that the function exists, its address is never 0)."

For anyone interested in reading the full article, here is the link: A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in Real World.

The article explains what is wrong with the code, but I would like to know what "allowed any local user to get root access" means. I am not an expert in C, but can someone give a concrete scenario of how an attacker would operate with this kind of vulnerability? In particular, if we assume this code exists and I am a local user, how would I get root access?
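The following C program is an added example, not code from the article or from the X Window System. It shows why the quoted guard never fires: a real uid that is non-zero together with an effective uid of 0 is what a setuid-root binary sees when an unprivileged user starts it, and the check as written compares a function address instead of the effective uid. The names `guard_as_written`, `guard_as_intended`, `id_root` and `id_user` are hypothetical, and the uid values are constructed stand-ins for `getuid()` and `geteuid()` so each case is reproducible.

```c
#include <stdio.h>
#include <sys/types.h>

typedef uid_t (*uid_fn)(void);

/* Constructed stand-ins for getuid()/geteuid(); values are sample data. */
static uid_t id_root(void) { return 0; }
static uid_t id_user(void) { return 1000; }

/* Shape of the quoted check: the effective-uid function is never called.
 * Its address is compared with 0, and an existing function's address is
 * never null, so the second operand is always false. */
static int guard_as_written(uid_fn real, uid_fn effective) {
    return real() != 0 && effective == 0;
}

/* Intended check: call both functions and compare the returned ids. */
static int guard_as_intended(uid_fn real, uid_fn effective) {
    return real() != 0 && effective() == 0;
}

int main(void) {
    struct { const char *name; uid_fn real, eff; } cases[] = {
        {"root runs it (uid 0, euid 0)",                 id_root, id_root},
        {"user, no setuid bit (uid 1000, euid 1000)",    id_user, id_user},
        {"user, setuid-root binary (uid 1000, euid 0)",  id_user, id_root},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int w = guard_as_written(cases[i].real, cases[i].eff);
        int n = guard_as_intended(cases[i].real, cases[i].eff);
        printf("%-46s as written: %-8s as intended: %s\n", cases[i].name,
               w ? "refuse" : "continue", n ? "refuse" : "continue");
    }
    return 0;
}
```

GCC reports the original `geteuid == 0` form under `-Waddress`, which `-Wall` enables, so building with warnings treated as errors catches this class of mistake before it ships.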