
setegid() in a suid-root binary in C

Good evening, I am trying to write a suid-root binary in C and I have stumbled across the following problem: I execute it as a non-privileged user user1 and I am able to use setuid/seteuid to change to any user id I want. The problem is that I can't do that with effective group ids. Part of code:

if ( setegid(VariableID) == -1 ) {
    perror("setegid failed");
    exit(1);
}

and this returns:

setegid failed: Operation not permitted

Please note that I can successfully change group IDs between root(0) and the user that executes the binary but I can't change to other groups. Shouldn't this be possible since the binary is suid-root like the UID/EUID?

The answer (thanks Ingo Leonhardt) is that you need to change the group id before the user id. It kind of makes sense now.. :)
