我写了一个名为killSPR的小C实用程序来杀死RHEL盒子上的以下进程.这个想法适用于登录这个linux盒子的人能够使用这个实用程序杀死下面提到的进程(这不起作用 – 如下所述).
cadmn@rhel /tmp > ps -eaf | grep -v grep | grep " SPR "
cadmn 5822 5821 99 17:19 ? 00:33:13 SPR 4 cadmn
cadmn 10466 10465 99 17:25 ? 00:26:34 SPR 4 cadmn
cadmn 13431 13430 99 17:32 ? 00:19:55 SPR 4 cadmn
cadmn 17320 17319 99 17:39 ? 00:13:04 SPR 4 cadmn
cadmn 20589 20588 99 16:50 ? 01:01:30 SPR 4 cadmn
cadmn 22084 22083 99 17:45 ? 00:06:34 SPR 4 cadmn
cadmn@rhel /tmp >
该实用程序由用户cadmn(运行这些进程)拥有,并在其上设置了setuid标志(如下所示).
cadmn@rhel /tmp > ls -l killSPR
-rwsr-xr-x 1 cadmn cusers 9925 Dec 17 17:51 killSPR
cadmn@rhel /tmp >
C代码如下:
/*
* Program Name: killSPR.c
* Description: A simple program that kills all SPR processes that
* run as user cadmn
*/
#include dio.h>
int main()
{
char *input;
printf("Before you proceed,find out under which ID I'm running. Hit enter when you are done...");
fgets(input,2,stdin);
const char *killCmd = "kill -9 $(ps -eaf | grep -v grep | grep \" SPR \" | awk '{print $2}')";
system(killCmd);
return 0;
}
与cadmn不同的用户(pmn)尝试使用此实用程序终止上述进程并失败(如下所示):
pmn@rhel /tmp > ./killSPR
Before you proceed,find out under which ID I'm running. Hit enter when you are done...
sh: line 0: kill: (5822) - Operation not permitted
sh: line 0: kill: (10466) - Operation not permitted
sh: line 0: kill: (13431) - Operation not permitted
sh: line 0: kill: (17320) - Operation not permitted
sh: line 0: kill: (20589) - Operation not permitted
sh: line 0: kill: (22084) - Operation not permitted
pmn@rhel /tmp >
当用户等待上面的输入时,检查进程killSPR并且看作是作为用户cadmn运行(如下所示),尽管killSPR无法终止进程.
cadmn@rhel /tmp > ps -eaf | grep -v grep | grep killSPR
cadmn 24851 22918 0 17:51 pts/36 00:00:00 ./killSPR
cadmn@rhel /tmp >
顺便说一句,没有一个主要分区有任何nosuid
pmn@rhel /tmp > mount | grep nosuid
pmn@rhel /tmp >
最佳答案
首先,setuid位只允许脚本设置uid.该脚本仍需要调用setuid()或setreuid()以分别在真实uid或有效uid中运行.如果不调用setuid()或setreuid(),脚本仍将以调用脚本的用户身份运行.
原文链接:https://www.f2er.com/linux/441130.html避免系统和执行,因为他们出于安全原因删除权限.您可以使用kill()来终止进程.
检查这些.
http://linux.die.net/man/2/setuid
