0

I know, passwd has setuid bit set and hence it can modify root owned /etc/shadow file.

[~]$ ls -l `which passwd`
-rwsr-xr-x. 1 root root 27832 Jan 29  2014 /usr/bin/passwd

But how it is making sure that it can modify only the current account's password if logged in as a non-root user.

4

1 回答 1

0

通过 geteuid() 和类似方法可以获得额外的 UID/GID 值。有效的 UID 是任何用户启动程序的 UID。所有 setuid 权限用于将运行时凭据更改为有效 UID/GUI 的凭据。然后应用正常权限。

于 2015-07-14T04:51:17.450 回答