Linux Difference between SUID and cap_setuid of binary

"I don't understand difference between SUID of binary and cap_setuid in Linux. Then, difference between SUID and setuid"

SUID for a binary means that the binary is instrumented to become a different effective user when started. For example:

$ cp `which id` nobody_id
$ sudo chown nobody nobody_id
$ sudo chmod +s nobody_id
$ ./nobody_id
.... euid=65534(nobody) groups= ...

You can do the same thing but make the binary setuid-root to make the binary run with root's privileges.

CAP_SETUID is a Linux capability to permit a process to change UID from code: it can give the code permission to execute the setuid() system call. This is considered a privilege over what normal user code can do. It can be given to a program using a file-capability that doesn't affect the ownership of the file:

$ sudo setcap cap_setuid=ep my_program_binary

When ./my_program_binary is next run, it will run with that capability enabled.
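
The following C program is an added example, not part of the original answer. It reports from inside a process which of the two mechanisms applied: a SUID bit shows up as an effective UID that differs from the real UID, while a cap_setuid file capability leaves both UIDs alone and sets bit 7 (the kernel's value for CAP_SETUID) in the CapEff mask of /proc/self/status. The helper names and the return codes of classify() are assumptions made for this example.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_SETUID_BIT 7 /* numeric value of CAP_SETUID in <linux/capability.h> */

/* Returns 1 and stores the hex mask if the line is the "CapEff:" line. */
static int parse_capeff_line(const char *line, unsigned long long *mask)
{
    return sscanf(line, "CapEff: %llx", mask) == 1;
}

static int mask_has_cap(unsigned long long mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

/* Effective capability mask of the calling process; 0 on success, -1 on failure. */
static int read_cap_eff(unsigned long long *mask)
{
    char line[256];
    int found = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (!found && fgets(line, sizeof line, f))
        found = parse_capeff_line(line, mask);
    fclose(f);
    return found ? 0 : -1;
}

/* 2: euid differs from ruid (SUID bit took effect at exec).
 * 1: same uids but CAP_SETUID effective (file capability, or already root).
 * 0: neither; setuid() to another user would fail with EPERM. */
static int classify(uid_t ruid, uid_t euid, unsigned long long cap_eff)
{
    if (ruid != euid)
        return 2;
    return mask_has_cap(cap_eff, CAP_SETUID_BIT) ? 1 : 0;
}

int main(void)
{
    unsigned long long eff = 0;
    uid_t r = getuid(), e = geteuid();
    if (read_cap_eff(&eff) != 0) { perror("/proc/self/status"); return 1; }
    printf("ruid=%u euid=%u CapEff=%016llx class=%d\n",
           (unsigned)r, (unsigned)e, eff, classify(r, e, eff));
    return 0;
}
```

Building it once and running copies prepared with chmod +s and with setcap cap_setuid=ep, as in the commands above, prints class=2 and class=1 respectively for an ordinary user.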
