如何使用 set-guid bit 漏洞使用以下 3 个易受攻击的程序执行 root 拥有的文件 /bin/grade?我不是 root 也不是 bsp* 组的成员,因此我对程序的访问仅限于读取和执行。对于文件 /bin/grade,我只有读取权限,但我想将它作为组 bsp* 执行。
运行此代码时,如何从 shell 调用 SIGALRM?
我将在 shell 上调用程序
exec -a "/bin/grade" prog1 1000 &
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
char cmdbuf[128] = "echo interrupt signal caught, terminating ";
char *progname;
void handle_signal(int sig)
{
int len = sizeof(cmdbuf) - (strlen(cmdbuf) + 1);
if (strlen(progname) > len)
progname[len] = '\0';
strcat(cmdbuf, progname);
system(cmdbuf);
exit(1);
}
void usage()
{
printf("%s <n> where 0 < n <= 1000\n", progname);
exit(1);
}
/*
* The program takes one argument line parameter n (which has to be a
* positive integer input parameter) and then prints out the first n
* prime numbers.
*/
int main(int argc, char **argv)
{
struct sigaction sa;
int cnt, N, found;
unsigned long candidate, divisor;
gid_t egid = getegid();
setregid(egid, egid);
/* set up signal handling */
memset(&sa, sizeof(struct sigaction), 0);
sa.sa_handler = handle_signal;
sigaction(SIGALRM, &sa, NULL);
/* process argument */
progname = argv[0];
if (argc != 2)
usage();
N = strtol(argv[1], NULL, 10);
if ((N <= 0) || (N > 1000))
usage();
/* calculate prime numbers -- simple sieve */
candidate = 1;
for (cnt = 0; cnt < N; ++cnt) {
for (;;) {
found = 1;
divisor = 2;
candidate += 1;
while (divisor <= candidate/2) {
if ((candidate % divisor) == 0) {
found = 0;
break;
}
else
++divisor;
}
if (found)
break;
}
printf("%ld\n", candidate);
}
return 0;
}