Name: 호석 (220.♡.198.142)
Date: 2007-06-18 21:28:53
Title: Managing system files from the web good
Submitted by woonuk on Tue, 2006/01/03 - 10:28pm.
Say the FTP account that manages the domain is myname.
Create a shell script called mywork.sh that can do the work you want with that account's privileges,
and write a wrapper.c that wraps it.
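#include <stdio.h>
#include <unistd.h>

#define REAL_PATH "/home/user/bin/mywork.sh"

/* Run the shell script with this binary's effective UID, forwarding the arguments. */
int main(int ac, char **av)
{
    execv(REAL_PATH, av);
    perror("execv");   /* reached only if execv failed */
    return 1;
}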
gcc -o mywork wrapper.c
chown myname mywork.sh
chmod 4711 mywork
After that, you can call it from PHP with exec(), system() and so on.
Because the EUID is lost when the shell script is executed, it turned out that the -p option has to be added, like this: #!/bin/sh -p.
If you look at man bash, it contains the following.
Quote: If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS variable, if it appears in the environment, is ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.
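
The wrapper.c in the post forwards the caller's arguments and environment unchanged to a script that runs with another account's EUID. As an added example that is not part of the original post, here is a variant that passes a fixed environment and only allowlisted arguments; REAL_PATH is the path from the post, while MAX_ARGS, the allowlist and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_PATH "/home/user/bin/mywork.sh"  /* path from the post */
#define MAX_ARGS  8                           /* assumed limit, not from the post */

/* Fixed environment: PATH, LD_*, BASH_ENV etc. from the web process are dropped. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Allow only short arguments made of [A-Za-z0-9._-] that do not start with
 * '-', so the caller cannot pass shell options or metacharacters. */
int arg_is_safe(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 64 || s[0] == '-')
        return 0;
    return strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789._-") == n;
}

/* Fill out[] with a fixed argv[0] plus the validated arguments.
 * Returns the argument count, or -1 if anything is rejected. */
int build_argv(int ac, char **av, char **out)
{
    if (ac < 1 || ac > MAX_ARGS)
        return -1;
    out[0] = "mywork.sh";
    for (int i = 1; i < ac; i++) {
        if (!arg_is_safe(av[i]))
            return -1;
        out[i] = av[i];
    }
    out[ac] = NULL;
    return ac;
}

int main(int ac, char **av)
{
    char *args[MAX_ARGS + 1];
    if (build_argv(ac, av, args) < 0) {
        fputs("mywork: arguments rejected\n", stderr);
        return 2;
    }
    execve(REAL_PATH, args, CLEAN_ENV);  /* script still needs #!/bin/sh -p */
    perror("execve");                    /* reached only if execve failed */
    return 127;
}
```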

호석
Important ------------> It turned out that the -p option has to be added, like this: #!/bin/sh -p.
07-07-26 14:43
211.♡.74.31