Can I use the system function in a SUID or SGID program?

Source: Internet
Author: User

The declaration and description of the system() function are as follows:

  

Note that, as described there, system() executes the command given by its command parameter, and it does so by invoking /bin/sh -c command. In other words, its logic is as follows.

A process calls the system function; the system function calls fork to create a child process, and then calls an exec function to replace the text segment of the child process with that of the /bin/sh command. Then sh calls exec to replace its own text segment with that of the command given by the parameter. For example, when my program a.out calls the system function to execute the command sleep 20, the process is as follows:

  

See the following example:

Here I ran the system executable, which resulted in two processes, 3994 and 3995 (shown on the right side of the terminal; the first column is the PPID, the second column is the PID). The two processes are parent and child. It is worth noting that the process IDs of the two processes are consecutive, which means that no other new process was created while the two were being run.

Next, in section 8.13 of APUE (Advanced Programming in the UNIX Environment; the abbreviation is used from here on), the author emphasizes that the system function should not be called in SUID and SGID programs. Why? My personal understanding is as follows.

Take the SUID permission as an example. The purpose of this permission is to provide a controlled form of superuser privilege. Consider the passwd command: when passwd runs, the effective user ID of the process is root, so in theory it can do whatever it wants (for instance, change the shadow file in any way). But the code of the passwd program is fixed: whatever the user wants to do must pass the checks in passwd, and only operations that conform to its rules are carried out; otherwise the program reports an error. (That is, you cannot change the shadow file as freely as you could with vim, but only within certain rules.)

At the same time, this privilege should be limited and must not propagate arbitrarily. For example, a program like man can execute shell commands, and it does so through the fork-exec mechanism; in some distributions the man program is owned by a user named man and has the SUID bit set. That is, when any ordinary user runs the man program, the effective user ID of the process is man. If the ordinary user then executes a shell command from within man, should the effective user ID of the shell command's process be man, and should the saved set-user-ID be kept? Of course not; otherwise an ordinary user could use this route to obtain the rights of the man user. (If the saved set-user-ID were kept, the child process could call the setuid function to change its effective user ID to the saved set-user-ID and achieve the same thing.)

After all of the above, this is why SUID or SGID programs should not call the system function to execute a shell command: it propagates the process's saved set-user-ID and effective user ID to the child process, which creates a security hole. That is the theory, but in practice I found that this does not seem to be the case: on my CentOS 6.6 system I could not reproduce the problem. For example, I have the following programs.

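The code for the getresuid program is as follows:

```c
/* This program prints the three user IDs of the process. Its executable
 * is soft-linked into /home/michael/bin.
 */
#define _GNU_SOURCE /* needed for getresuid() on glibc */
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#define BUFSIZE 512
void err_exit(char *fmt, ...);
int main(int argc, char *argv[])
{
    uid_t ruid, euid, suid;

    if (-1 == getresuid(&ruid, &euid, &suid))
        err_exit("[getresuid]: ");
    printf("real:%d\teffective:%d\tset-user:%d\n", (int)ruid, (int)euid, (int)suid);

    return 0;
}

/* err_exit() is only declared in the original listing; this minimal
 * definition prints the message plus strerror(errno) and exits. */
void err_exit(char *fmt, ...)
{
    char buf[BUFSIZE];
    int saved_errno = errno;
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    fprintf(stderr, "%s%s\n", buf, strerror(saved_errno));
    exit(EXIT_FAILURE);
}
```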

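The code for the system program is as follows:

```c
#define _GNU_SOURCE /* needed for getresuid() on glibc */
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    uid_t ruid, euid, suid;

    /* Print this process's real, effective and saved set-user-ID. */
    if (-1 == getresuid(&ruid, &euid, &suid)) {
        perror("[getresuid]"); /* err_exit() is not defined in this file */
        exit(EXIT_FAILURE);
    }
    printf("real:%d\teffective:%d\tset-user:%d\n", (int)ruid, (int)euid, (int)suid);

    /* Run the getresuid program (found via PATH) through /bin/sh -c. */
    system("getresuid");
    return 0;
}
```

This system program first prints the real UID, effective UID and saved set-user-ID of the process, and then calls the getresuid program through the system function to print the three UIDs again. I changed the owner of the system executable to root and added the SUID permission; running it gives the following result: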

  

The first line of UIDs is as expected: because the SUID permission bit is set, the effective user ID is 0. But the second line of UIDs is somewhat different from what I imagined. In theory, the system function should pass the saved set-user-ID and effective user ID to the child process, but here all three UIDs become 500 and none of them is root. This could be because the system function changed all three UIDs to the real user ID before exec, or because the sh command changed all three UIDs to the real user ID before exec.

So it seems that calling the system function in a SUID program is unlikely to cause a problem, but to be on the safe side you can implement your own system with fork and exec, and set the three UIDs to the real user ID before exec.
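The fork/exec replacement for system() suggested above, as an added example (not code from the original article): the child resets its effective and saved user and group IDs to the real IDs before it execs /bin/sh. The names safe_system and drop_privileges are made up for this example, and it assumes the caller does not need system()'s SIGINT, SIGQUIT and SIGCHLD handling.

```c
#define _XOPEN_SOURCE 700   /* setreuid(), setregid() */
#include <errno.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-user-ID / set-group-ID privilege. Setting the
 * real ID also resets the saved ID (POSIX), so afterwards
 * real == effective == saved. Group IDs go first, while still permitted. */
static int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    if (setregid(rgid, rgid) == -1 || setreuid(ruid, ruid) == -1)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A non-root caller must not be able to regain the old IDs. */
    if (ruid != 0 && ((old_euid != ruid && setuid(old_euid) != -1) ||
                      (old_egid != rgid && setgid(old_egid) != -1)))
        return -1;
    return 0;
}

/* Like system(), but the shell always runs with the caller's real IDs.
 * Returns the wait status, or -1 if fork() or waitpid() fails. */
int safe_system(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {                 /* child */
        if (drop_privileges() == -1)
            _exit(126);             /* never run the shell privileged */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                 /* exec failed, same code as system() */
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return status;
}

int main(void)
{
    /* In a SUID binary, both lines printed by the child show the real UID. */
    int st = safe_system("id -u; id -ru");
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : 1;
}
```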
