From: Eugene Prokopiev <prokopiev@stc.donpac.ru>
To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
Subject: Re: [sisyphus] dist-upgrade -> /bin/zsh: Permission denied
Date: Wed, 22 Mar 2006 17:21:45 +0300
Message-ID: <44215D79.9080205@ats-manager.stc.donpac.ru> (raw)
In-Reply-To: <44214203.5060108@ats-manager.stc.donpac.ru>
Написал такую программу :)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
int main(int argc, char **argv)
{
setuid(500);
execve("/bin/sh", 0, 0);
return 0;
}
strace при ее выполнении выдает:
execve("./setuid", ["./setuid"], [/* 27 vars */]) = 0
uname({sys="Linux", node="test.stc.donpac.ru", ...}) = 0
brk(0) = 0x804a000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=10388, ...}) = 0
mmap2(NULL, 10388, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f09000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240U\1"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1140208, ...}) = 0
mmap2(NULL, 1146964, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7df0000
mmap2(0xb7f02000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x112) = 0xb7f02000
mmap2(0xb7f06000, 8276, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7def000
mprotect(0xb7f02000, 4096, PROT_READ) = 0
munmap(0xb7f09000, 10388) = 0
setuid32(500) = 0
execve("/bin/sh", [0], [/* 0 vars */]) = -1 EACCES (Permission denied)
exit_group(0) = ?
Process 4619 detached
Файл /etc/ld.so.preload действительно отсутствует, однако из вывода
strace не следует, что это является причиной проблем. Более того, до
dist-upgrade этого файла тоже не было, но все работало. Вывод strace
выглядел так:
execve("./setuid", ["./setuid"], [/* 27 vars */]) = 0
uname({sys="Linux", node="test.stc.donpac.ru", ...}) = 0
brk(0) = 0x804a000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=10526, ...}) = 0
mmap2(NULL, 10526, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eed000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240U\1"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1140208, ...}) = 0
mmap2(NULL, 1146964, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7dd4000
mmap2(0xb7ee6000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x112) = 0xb7ee6000
mmap2(0xb7eea000, 8276, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7eea000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7dd3000
mprotect(0xb7ee6000, 4096, PROT_READ) = 0
munmap(0xb7eed000, 10526) = 0
setuid32(500) = 0
execve("/bin/sh", [0], [/* 0 vars */]) = 0
...
Process 4657 detached
Т.е., причины отказа выполнить /bin/sh совершенно непонятны. Что бы еще
такое написать в тестовой программе, чтобы узнать причину проблемы?
--
С уважением, Прокопьев Евгений
next prev parent reply other threads:[~2006-03-22 14:21 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-21 8:10 Eugene Prokopiev
2006-03-21 11:08 ` Eugene Prokopiev
2006-03-21 12:24 ` Michael Shigorin
2006-03-21 13:26 ` Eugene Prokopiev
2006-03-21 13:39 ` Epiphanov Sergei
2006-03-21 13:49 ` Eugene Prokopiev
2006-03-21 14:12 ` Epiphanov Sergei
2006-03-21 14:22 ` Eugene Prokopiev
2006-03-21 14:48 ` Epiphanov Sergei
2006-03-22 11:08 ` Eugene Prokopiev
2006-03-21 14:53 ` ABATAPA
2006-03-22 11:10 ` Eugene Prokopiev
2006-03-22 12:09 ` Eugene Prokopiev
2006-03-22 12:24 ` Eugene Prokopiev
2006-03-22 14:21 ` Eugene Prokopiev [this message]
2006-03-22 14:43 ` Sergey Vlasov
2006-03-22 17:09 ` Eugene Prokopiev
2006-03-21 14:16 ` Epiphanov Sergei
2006-03-21 14:20 ` Eugene Prokopiev
2006-03-22 11:11 ` Eugene Prokopiev
2006-03-22 15:51 ` Dmitry V. Levin
2006-03-22 17:11 ` Eugene Prokopiev
2006-03-22 17:16 ` Eugene Prokopiev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44215D79.9080205@ats-manager.stc.donpac.ru \
--to=prokopiev@stc.donpac.ru \
--cc=sisyphus@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git