8_25 A set-user-ID or set-group-ID program must never call the system function. It is a security hole.


vim 8_24.c
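#include "apue.h"

/* Runs argv[1] through system() and prints how the command terminated. */
int main(int argc, char *argv[])
{
        int status;

        if (argc < 2)
                err_quit("Please enter the command to be executed.");

        /* system() forks and execs a shell; the child keeps this process's effective user ID. */
        if ((status = system(argv[1])) < 0)
                err_sys("system() error");

        pr_exit(status);        /* apue helper: describes the termination status */

        return 0;
}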

gcc -Wall -ggdb3 -o call_system 8_24.c
In file included from apue.h:132,
                 from 8_24.c:1:
error.c: In function `err_doit':
error.c:121: warning: implicit declaration of function `vsnprintf'
error.c:123: warning: implicit declaration of function `snprintf'



vim 8_25.c
#include "apue.h"

int main()
{
        printf("uid = %d\teuid=%d\n",getuid(),geteuid());
        exit(0);
}

gcc -Wall -ggdb3 -o pr_uid 8_25.c
In file included from apue.h:132,
                 from 8_25.c:1:
error.c: In function `err_doit':
error.c:121: warning: implicit declaration of function `vsnprintf'
error.c:123: warning: implicit declaration of function `snprintf'
8_25.c: In function `main':
8_25.c:5: warning: int format, uid_t arg (arg 2)
8_25.c:5: warning: int format, uid_t arg (arg 3)


Normal execution:

./call_system pr_uid
uid = 2733      euid=2733
normal termination,exit status = 0



1 After I run chown root call_system

chmod u+s call_system

and execute again: ./call_system pr_uid
uid = 2733      euid=0
normal termination,exit status = 0
The euid is now 0: call_system's privileges were passed on to pr_uid.
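
As an added example (not from the original post or from the apue sources), a set-user-ID program that has to run another program can fork, drop to the real user and group IDs in the child, and exec the target directly instead of calling system(). The name run_unprivileged, the absolute-path requirement and the PATH value are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the page): run argv[0] with the caller's
 * real IDs instead of handing it set-user-ID privileges via system(). */
int run_unprivileged(char *const argv[])
{
    /* Constructed minimal environment: nothing inherited from the caller. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid;
    int status;

    /* No shell and no PATH search: only absolute paths are accepted. */
    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/') {
        errno = EINVAL;
        return -1;
    }
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop group first, then user. With euid 0 this setuid()
         * resets real, effective and saved IDs, so it cannot be undone. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ||
            geteuid() != getuid() || getegid() != getgid())
            _exit(126);            /* refuse to exec while still privileged */
        execve(argv[0], argv, clean_env);
        _exit(127);                /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return status;                 /* same encoding as system() */
}

int main(int argc, char *argv[])
{
    int status;
    if (argc < 2) {
        fprintf(stderr, "usage: %s /absolute/path [args...]\n", argv[0]);
        return 2;
    }
    if ((status = run_unprivileged(&argv[1])) < 0) {
        perror("run_unprivileged");
        return 1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Built, chowned to root and given chmod u+s like call_system, this runs the absolute path to pr_uid with euid equal to uid rather than 0.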
