我需要写一些代码,可以获取root权限并执行系统级操作。以下是我写的代码(这不是实际代码,只是为了测试我是否做得正确):
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
int main(void)
{
int current_uid = getuid();
printf("My UID is: %d. My GID is: %d\n", current_uid, getgid());
system("/usr/bin/id");
if (setuid(0))
{
perror("setuid");
return 1;
}
//I am now root!
printf("My UID is: %d. My GID is: %d\n", getuid(), getgid());
system("/usr/bin/id");
//Time to drop back to regular user privileges
setuid(current_uid);
printf("My UID is: %d. My GID is: %d\n", getuid(), getgid());
system("/usr/bin/id");
return 0;
}
在执行
gcc -o setuid setuid.c
之后,我在其上运行了ls -al,得到了以下结果:tarun@staging:~$ ls -al setuid
-rwxr-xr-x 1 tarun tarun 9792 2009-10-03 18:09 setuid
adam@staging:~$
尝试运行应用程序会导致以下结果:
tarun@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)
setuid: Operation not permitted
我将所有者更改为root,并相应地设置粘滞位:
tarun@staging:~$ su - root
Password:
staging:~# cd /home/tarun
staging:/home/tarun# chown root.root setuid
staging:/home/tarun# chmod +s setuid
staging:/home/tarun# ls -al setuid
-rwsr-sr-x 1 root root 9792 2009-10-03 18:09 setuid
staging:/home/tarun# exit
logout
tarun@staging:~$
现在执行程序会得到以下结果:
adam@staging:~$ ./setuid
My UID is: 1000. My GID is: 1000
uid=1000(tarun) gid=1000(tarun) groups=1000(tarun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),125(sambashare),999(bumblebee)
setuid: Operation not permitted
尽管理想情况下应该完全执行并将我的
uid
更改为0。我做错了什么?
ecryptfs
类型,它强制执行 nosuid 和 nodev 以避免特权升级攻击。我不认为我可以关闭它。有什么解决方法吗? - Tarun Verma