0

Hello stackoverflow guys,

I have written a C program that simply invokes a bash shell using system("/bin/bash")

If i enable the setuid permission bit and execute the program, the invoked shell does not have euid set to 0. This is ok, because we know that bash shell drop privileges.

BUT if i change /bin/sh to point to /bin/bash using sudo ln -s /bin/bash /bin/sh

and then execute system with /bin/sh as an argument then the new invoked shell has euid=0.

I am working on ubuntu 10.04

Why this happens?

4

1 回答 1

4

这是 debian 补丁的一个“奇怪”功能:bash_4.2-5.diff bash as /bin/sh 在 POSIX 模式下工作,并且 POSIX shell(如破折号)不会放弃特权(带有 -p 或 bash 的 bash在 debian/ubuntu 中符号链接为 /bin/sh)

于 2012-11-23T00:25:17.230 回答