即使在seteuid之後,root priv也不能放入python中。一個錯誤?即使在seteuid之後,root priv也不能放入python中。一個錯誤?
編輯摘要:我忘了放棄gid。雖然,接受的答案可能會對你有所幫助。
嗨。我無法在我的linux上刪除python 3.2的root權限。實際上,即使在seteuid(1000)之後,它也可以讀取根擁有的400模式文件。 euid肯定設置爲1000!
我在空os.fork()調用後發現,特權訪問被正確拒絕。 (但它只在父類中,孩子仍然可以非法讀取。)它是python中的bug還是linux?
請試試下面的代碼。在底部註釋掉三行中的一行,並以root身份運行。
預先感謝。
#!/usr/bin/python3
# Python seteuid pitfall example.
# Run this __as__ the root.
# Here, access to root-owned files /etc/sudoers and /etc/group- are tried.
# Simple access to them *succeeds* even after seteuid(1000) which should fail.
# Three functions, stillRoot(), forkCase() and workAround() are defined.
# The first two seem wrong. In the last one, access fails, as desired.
# ***Comment out*** one of three lines at the bottom before execution.
# If your python is < 3.2, comment out the entire def of forkCase()
import os
def stillRoot():
"""Open succeeds, but it should fail."""
os.seteuid(1000)
open('/etc/sudoers').close()
def forkCase():
"""Child can still open it. Wow."""
# setresuid needs python 3.2
os.setresuid(1000, 1000, 0)
pid = os.fork()
if pid == 0:
# They're surely 1000, not 0!
print('uid: ', os.getuid(), 'euid: ', os.geteuid())
open('/etc/sudoers').close()
print('open succeeded in child.')
exit()
else:
print('child pid: ', pid)
open('/etc/group-').close()
print('parent succeeded to open.')
def workAround():
"""So, a dummy fork after seteuid is necessary?"""
os.seteuid(1000)
pid = os.fork()
if pid == 0:
exit(0)
else:
os.wait()
open('/etc/group-').close()
## Run one of them.
# stillRoot()
# forkCase()
# workAround()
糟糕,這正是gid問題。愚蠢的我。 非常感謝Rakis,他們都指出了我的錯誤和詳細的解釋。 – 2011-06-03 08:35:44