c - 第二个 getpwuid 调用似乎覆盖了旧值

Question

这是一个小型 C 程序，当文件设置了 setuid 标志时，它会打印（嗯，应该打印）进程的真实有效 ID。在这个程序中，当我getpwuid第二次调用（L.No 38）时，它往往会覆盖在 L.No 24 中获得的变量的值。realUserName我无法解释这种行为。这是预期的行为吗？为什么？我正在 Linux 机器（RHEL 2.6.18-371.1.2.el5）中尝试这个。

  1 /* Filename: test.c
  2  * Notes:
  3  * 1] ./test owned by user cadmn (userID: 3585)
  4  * 2] ./test run by user pmn (4471)
  5  * 3] ./test has the setuid bit switched-on.
  6  */
  7 #include <stdio.h>
  8 #include <pwd.h>
  9 #include <sys/types.h>
 10 #include <unistd.h>
 11 int main()
 12 {
 13
 14     uid_t realId, effectiveId;
 15     struct passwd *realUser, *effUser;
 16
 17     realId = getuid(); // realId = 4471
 18     effectiveId = geteuid(); //effectiveId = 3585
 19
 20     printf("Real ID is %i and Effective ID is %i\n", (int)realId, (int)effectiveId);
 21     //prints 4472 and 3585, respectively
 22
 23     realUser = getpwuid(realId);
 24     char *realUserName = realUser->pw_name; //realUserName = pmn
 25
 26     printf("Real ID (name) at this point is %s\n", realUserName);
 27     // prints pmn.
 28
 29     /*
 30      *********************************************************
 31      *                                                       *
 32      *    everything works as expected up to this point      *
 33      *                                                       *
 34      *********************************************************
 35      */
 36
 37     // The value obtained from this call is not used anywhere in this program
 38     effUser = getpwuid(effectiveId);
 39     printf("\nCalled getpwuid with the effectiveId\n\n");
 40
 41     printf("Real ID is %i and Effective ID is %i\n", (int)realId, (int)effectiveId);
 42     //prints 4472 and 3585, respectively
 43
 44     printf("Real ID (name) at this point is %s.\n", realUserName);
 45     // Expect to still see 'pmn' printed; though see 'cadmn' as the output!
 46     // Why does this happen?
 47
 48     return 0;
 49 }
 50

输出：

pmn@rhel /tmp/temp > id pmn
uid=4471(pmn) gid=1000(nusers) groups=1000(nusers)
pmn@rhel /tmp/temp >

pmn@rhel /tmp/temp > id cadmn
uid=3585(cadmn) gid=401(cusers) groups=401(cusers)
pmn@rhel /tmp/temp >

pmn@rhel /tmp/temp > ls -l ./test
-r-sr-xr-x 1 cadmn cusers 9377 Dec 24 19:48 ./test
pmn@rhel /tmp/temp >

pmn@rhel /tmp/temp > ./test
Real ID is 4471 and Effective ID is 3585
Real ID (name) at this point is pmn

Called getpwuid with the effectiveId

Real ID is 4471 and Effective ID is 3585
Real ID (name) at this point is cadmn.
pmn@rhel /tmp/temp >

Answer 1

您观察到的行为是预期的行为。

的返回值引用的结构getpwuid()在后者内部静态定义，因此每次调用getpwuid().

这条线

char * realUserName = realUser->pw_name; 

只存储对这个静态内部结构持有的值的引用。如果静态内部结构被下一次调用覆盖，该值也会被覆盖getpwuid()。

要解决这个问题，有两种可能性：

• 使用 te 的可重入getpwuid()版本getpwuid_r()。为了能够使用它，添加

  #define _POSIX_SOURCE
  

  在程序源代码中的第一个语句^之前 。#include

• pw_name在这种情况下，创建您需要的成员的副本。可以通过例如执行以下操作来实现：

  char * realUserName = strdup(realUser->pw_name);
  

  请注意，realUserName它现在指向动态分配的内存，free()如果不再需要，则需要由程序本身编辑。为此，请致电

  free(realUserName);