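suid 标识位:设置后,可执行文件运行时进程的有效 uid(euid)变为文件所有者的 uid,而真实 uid(ruid)仍是调用者的 uid。/proc/<pid>/status 中 Uid、Gid 两行的四列依次为:真实、有效、保存(saved)、文件系统(fs)id。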
PID 1039 的进程是 sh(shell 用户,uid/gid 均为 2000),它是下面各测试进程的父进程:
root@generic:/system/bin # cat /proc/1039/status
cat /proc/1039/status
Name: sh
State: S (sleeping)
Tgid: 1039
Pid: 1039
PPid: 1033
TracerPid: 0
Uid: 2000 2000 2000 2000
Gid: 2000 2000 2000 2000
权限为 755 的情况(未设置 suid/sgid):进程的 uid/gid 与父进程 sh 相同,均为 2000。
root@generic:/system/bin # ls -all | grep test_while
ls -all | grep test_while
-rwxr-xr-x root root 109420 2015-06-23 22:37 test_while
root@generic:/system/bin # ps | grep test_while
ps | grep test_while
shell 1042 1039 272 68 00000000 0000823c R ./test_while
root@generic:/system/bin # cat /proc/1042/status
cat /proc/1042/status
Name: test_while
State: R (running)
Tgid: 1042
Pid: 1042
PPid: 1039
TracerPid: 0
Uid: 2000 2000 2000 2000
Gid: 2000 2000 2000 2000
权限为 4755 的情况(设置 suid,文件所有者为 root):真实 uid 仍为 2000,有效、保存、文件系统 uid 变为 0;gid 不变。
root@generic:/system/bin # ls -all | grep test_while
ls -all | grep test_while
-rwsr-xr-x root root 109420 2015-06-23 22:37 test_while
root@generic:/system/bin # ps | grep test_while
ps | grep test_while
root 1073 1039 272 68 00000000 0000823c R ./test_while
root@generic:/system/bin # cat /proc/1073/status
cat /proc/1073/status
Name: test_while
State: R (running)
Tgid: 1073
Pid: 1073
PPid: 1039
TracerPid: 0
Uid: 2000 0 0 0
Gid: 2000 2000 2000 2000
权限为 6755 的情况(同时设置 suid 和 sgid,所有者和属组均为 root):除真实 uid/gid 仍为 2000 外,其余 uid、gid 均变为 0。
root@generic:/system/bin # ls -all | grep test_while
ls -all | grep test_while
-rwsr-sr-x root root 109420 2015-06-23 22:37 test_while
root@generic:/system/bin # ps | grep test_while
ps | grep test_while
root 1085 1039 272 68 00000000 0000823c R ./test_while
root@generic:/system/bin # cat /proc/1085/status
cat /proc/1085/status
Name: test_while
State: R (running)
Tgid: 1085
Pid: 1085
PPid: 1039
TracerPid: 0
Uid: 2000 0 0 0
Gid: 2000 0 0 0
程序内调用 setuid(0) 的情况:进程的有效 uid 已为 0 时,setuid(0) 会把真实、有效、保存的 uid 一并设为 0;gid 不受影响(从 Gid 一行看,该文件应当仍带有 suid/sgid 位)。
root@generic:/system/bin # cat /proc/1229/status
cat /proc/1229/status
Name: test_while_setuid
State: R (running)
Tgid: 1229
Pid: 1229
PPid: 1039
TracerPid: 0
Uid: 0 0 0 0
Gid: 2000 0 0 0
程序内调用 setuid(0)、setgid(0) 的情况:uid 和 gid 的四个字段全部变为 0。
root@generic:/system/bin # cat /proc/1260/status
cat /proc/1260/status
Name: test_while_setu
State: R (running)
Tgid: 1260
Pid: 1260
PPid: 1039
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
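注:在 /data/local/tmp 目录下 suid 位无效(下面的实测中进程 uid 仍为 2000)。原因很可能是 /data 分区以 nosuid 选项挂载,内核会忽略其上文件的 suid/sgid 位;可用 mount 命令确认挂载选项。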
测试文件权限(---s--x--x,即 4111,所有者 root,已设置 suid):
root@hwH30:/data/local/tmp # ll | grep vnc1.out
ll | grep vnc1.out
---s--x--x root root 207368 2016-05-24 15:03 vnc1.out
以 shell 用户执行该文件:
shell@hwH30:/data/local/tmp $ ./vnc1.out
./vnc1.out
Initializing grabber method...
No grabber method selected, auto-detecting...
--Initializing framebuffer access method--
line_lenght=2880 xres=720, yres=1280, xresv=720, yresv=3840, xoffs=0, yoffs=0, bpp=32
Initializing virtual keyboard and touch device...
---Initializing uinput...---
cannot create virtual kbd device.
Initializing VNC server:
width:
720
height:
1280
bpp: 32
port: 5901
Colourmap_rgba=16:8:0:24
length=8:8:8:8
SEND BUFFER SET 0
15/02/2017 17:16:52 Listening for VNC connections on TCP port 5901
SEND BUFFER SET 0
15/02/2017 17:16:52 Listening for HTTP connections on TCP port 5801
15/02/2017 17:16:52 URL http://localhost:5801
Starting IPC connection...binded to port 13132
Waiting for a connection
执行结果(suid 未生效,进程仍以 shell 用户 uid/gid 2000 运行):
root@hwH30:/ # ps | grep vnc
ps | grep vnc
shell 6110 3403 20280 460 ffffffff 40197980 S ./vnc1.out
u0_a79 7813 184 707616 81488 ffffffff 401169e4 S com.reka.vnchid.ui
u0_a87 31568 184 530296 21984 ffffffff 401169e4 S com.schumi.vncs
root@hwH30:/ # cat /proc/6110/status
cat /proc/6110/status
Name: vnc1.out
State: S (sleeping)
Tgid: 6110
Pid: 6110
PPid: 3403
TracerPid: 0
Uid: 2000 2000 2000 2000
Gid: 2000 2000 2000 2000
FDSize: 32