Linux在调用execv()/execve()时终止进程
该程序在嵌入式Linux(内核版本:3.4.0)上执行。在调用Linux在调用execv()/execve()时终止进程,linux,embedded-linux,su,execve,Linux,Embedded Linux,Su,Execve,该程序在嵌入式Linux(内核版本:3.4.0)上执行。在调用execve()之前,还将调用setgid()和setuid()以切换到另一个用户(tstuser)。如果用户存在,则在/etc/[passwd&&group&&shadow]中可以找到必要的条目。命令su tstuser(通过root)也简单地报告“Killed”。之前已使用getrlimit()检查了资源限制,似乎一切正常。在dmesg&&/var/log/messages中找不到错误日志(没有一行) 原因可能是什么?如何使内核更
execve()setgid()setuid()tstuser/etc/[passwd&&group&&shadow]su tstuserrootgetrlimit()dmesg#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
int main( int argc, char *argv[] ) {
char *newargv[] = { NULL, NULL };
char *newenviron[] = { NULL };
if ( argc != 2 ) {
fprintf( stderr, "Usage: %s <file-to-exec>\n", argv[0] );
exit( EXIT_FAILURE );
}
newargv[0] = argv[1];
struct passwd * pw;
if ( ( pw = getpwnam( "tstuser" ) ) == NULL ) {
fprintf( stderr, "ERROR: the specified user '%s' does not exist\n", "tstuser" );
exit( EXIT_FAILURE );
}
else {
if ( setgid( pw->pw_gid ) != 0 ) {
fprintf( stderr, "ERROR: setgid() to %d failed\n", pw->pw_gid );
exit( EXIT_FAILURE );
}
else if ( setuid( pw->pw_uid ) != 0 ) {
fprintf( stderr, "ERROR: setuid() to %d failed\n", pw->pw_uid );
exit( EXIT_FAILURE );
}
}
execve( argv[1], newargv, newenviron );
perror( "execve" );
exit( EXIT_FAILURE );
}
#包括
#包括
#包括
#包括
#包括
int main(int argc,char*argv[]){
char*newargv[]={NULL,NULL};
char*newenviron[]={NULL};
如果(argc!=2){
fprintf(stderr,“用法:%s\n”,argv[0]);
退出(退出失败);
}
newargv[0]=argv[1];
结构passwd*pw;
if((pw=getpwnam(“tstuser”))==NULL){
fprintf(stderr,“错误:指定的用户“%s”不存在\n”,“tstuser”);
退出(退出失败);
}
否则{
如果(setgid(pw->pw_gid)!=0){
fprintf(stderr,“错误:setgid()到%d失败\n”,pw->pw_gid);
退出(退出失败);
}
否则如果(setuid(pw->pw_uid)!=0){
fprintf(stderr,“错误:setuid()到%d失败\n”,pw->pw\u uid);
退出(退出失败);
}
}
execve(argv[1],newargv,newenviron);
perror(“Exeve”);
退出(退出失败);
}
~# strace ./execve /bin/ls
execve("./execve", ["./execve", "/bin/ls"], [/* 13 vars */]) = 0
brk(0) = 0x145d000
uname({sys="Linux", node="sagVED_A", ...}) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4666, ...}) = 0
mmap2(NULL, 4666, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6fb5000
close(3) = 0
open("/lib/tls/v5l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v5l", 0xbee6b468) = -1 ENOENT (No such file or directory)
open("/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", 0xbee6b468) = -1 ENOENT (No such file or directory)
open("/lib/v5l/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/v5l", 0xbee6b468) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\354\225\262F4\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1245200, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fb4000
mmap2(0x46b10000, 1284496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x46b10000
mprotect(0x46c3c000, 32768, PROT_NONE) = 0
mmap2(0x46c44000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12c) = 0x46c44000
mmap2(0x46c48000, 6544, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x46c48000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fb3000
set_tls(0xb6fb34c0, 0xb6fb3b98, 0x46b07058, 0xb6fb34c0, 0x46b07058) = 0
mprotect(0x46c44000, 8192, PROT_READ) = 0
mprotect(0x46b06000, 4096, PROT_READ) = 0
munmap(0xb6fb5000, 4666) = 0
brk(0) = 0x145d000
brk(0x147e000) = 0x147e000
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=465, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fb6000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 465
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb6fb6000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4666, ...}) = 0
mmap2(NULL, 4666, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6fb5000
close(3) = 0
open("/lib/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\340\r\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=30524, ...}) = 0
mmap2(NULL, 62060, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6fa3000
mprotect(0xb6fa9000, 32768, PROT_NONE) = 0
mmap2(0xb6fb1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb6fb1000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0p/\361F4\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=73264, ...}) = 0
mmap2(0x46f10000, 112464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x46f10000
mprotect(0x46f21000, 28672, PROT_NONE) = 0
mmap2(0x46f28000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0x46f28000
mmap2(0x46f2a000, 5968, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x46f2a000
close(3) = 0
mprotect(0x46f28000, 4096, PROT_READ) = 0
mprotect(0xb6fb1000, 4096, PROT_READ) = 0
munmap(0xb6fb5000, 4666) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4666, ...}) = 0
mmap2(NULL, 4666, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6fb5000
close(3) = 0
open("/lib/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/v5l/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/v5l", 0xbee6b340) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls", 0xbee6b340) = -1 ENOENT (No such file or directory)
open("/usr/lib/v5l/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/v5l", 0xbee6b340) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=8456, ...}) = 0
munmap(0xb6fb5000, 4666) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
_llseek(3, 0, [0], SEEK_CUR) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=848, ...}) = 0
mmap2(NULL, 848, PROT_READ, MAP_SHARED, 3, 0) = 0xb6fb6000
_llseek(3, 848, [848], SEEK_SET) = 0
munmap(0xb6fb6000, 848) = 0
close(3) = 0
setgid32(1001) = 0
setuid32(1001) = 0
execve("/bin/ls", ["/bin/ls"], [/* 0 vars */] <unfinished ...>
+++ killed by SIGKILL +++
Killed
~#strace./execve/bin/ls
execve(“./execve”、[“/execve”、“/bin/ls”]、[/*13个变量*/])=0
brk(0)=0x145d000
uname({sys=“Linux”,node=“sagVED_A”,…})=0
access(“/etc/ld.so.preload”,R\u OK)=-1 enoint(没有这样的文件或目录)
打开(“/etc/ld.so.cache”,O|RDONLY | O|u CLOEXEC)=3
fstat64(3,{st_mode=S_IFREG | 0644,st_size=4666,…})=0
mmap2(空,4666,保护读取,映射私有,3,0)=0xb6fb5000
关闭(3)=0
open(“/lib/tls/v5l/libc.so.6”,O|RDONLY | O|u CLOEXEC)=-1 enoint(没有这样的文件或目录)
stat64(“/lib/tls/v5l”,0xbee6b468)=-1 enoint(没有这样的文件或目录)
open(“/lib/tls/libc.so.6”,O|RDONLY | O|u CLOEXEC)=-1 enoint(没有这样的文件或目录)
stat64(“/lib/tls”,0xbee6b468)=-1 enoint(没有这样的文件或目录)
open(“/lib/v5l/libc.so.6”,O|RDONLY | O|u CLOEXEC)=-1 enoint(没有这样的文件或目录)
stat64(“/lib/v5l”,0xbee6b468)=-1 enoint(没有这样的文件或目录)
open(“/lib/libc.so.6”,O|RDONLY | O|u CLOEXEC)=3
读(3),“\177ELF\1\1\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\354\225\262F4\0\0\0\0”…,512)=512
fstat64(3,{st_mode=S_IFREG | 0755,st_size=1245200,…})=0
mmap2(NULL,4096,保护读取|保护写入,映射私有|映射匿名,-1,0)=0xb6fb4000
mmap2(0x46b10000,1284496,PROT_READ | PROT_EXEC,MAP_PRIVATE | MAP_DENYWRITE,3,0)=0x46b10000
M保护(0x46c3c000,32768,保护无)=0
mmap2(0x46c44000,16384,保护读取,保护写入,映射私有,映射固定,映射DENYWRITE,3,0x12c)=0x46c44000
mmap2(0x46c48000,6544,保护读取,保护写入,映射私有,映射固定,映射匿名,-1,0)=0x46c48000
关闭(3)=0
mmap2(NULL,4096,保护读取|保护写入,映射私有|映射匿名,-1,0)=0xb6fb3000
设置(0xb6fb34c0、0xb6fb3b98、0x46b07058、0xb6fb34c0、0x46b07058)=0
mprotect(0x46c44000,8192,保护读取)=0
mprotect(0x46b06000,4096,保护读取)=0
munmap(0xb6fb50004666)=0
brk(0)=0x145d000
brk(0x147e000)=0x147e000
套接字(PF_文件,SOCK_流| SOCK_CLOEXEC | SOCK_非块,0)=3
connect(3,{sa_family=AF_文件,sun_path=“/var/run/nscd/socket”},110)=-1 enoint(没有这样的文件或目录)
关闭(3)=0
套接字(PF_文件,SOCK_流| SOCK_CLOEXEC | SOCK_非块,0)=3
connect(3,{sa_family=AF_文件,sun_path=“/var/run/nscd/socket”},110)=-1 enoint(没有这样的文件或目录)
关闭(3)=0
打开(“/etc/nsswitch.conf”,O|RDONLY | O|u CLOEXEC)=3
fcntl64(3,F_GETFD)=0x1(标志FD_CLOEXEC)
fstat64(3,{st_mode=S_IFREG | 0644,st_size=465,…})=0
mmap2(NULL,4096,保护读写,映射私有,映射匿名,-1,0)=0xb6fb6000
阅读(3),“#/etc/nsswitch.conf\n#\n#示例”…,4096)=465
读(3,“,4096)=0
关闭(3)=0
munmap(0xb6fb6000,4096)=0
打开(“/etc/ld.so.cache”,O|RDONLY | O|u CLOEXEC)=3
fstat64(3,{st_mode=S_IFREG | 0644,st_size=4666,…})=0
mmap2(空,4666,保护读取,映射私有,3,0)=0xb6fb5000
关闭(3)=0
open(“/lib/libnss_compat.so.2”,O_RDONLY | O_CLOEXEC)=3
读取(3),“\177ELF\1\1\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\340\r\0\0004\0\0\0”…,512)=512
fstat64(3,{st_mode=S_IFREG | 0755,st_size=30524,…})=0
mmap2(空,62060,保护读取,保护执行,映射私有,映射DENYWRITE,3,0)=0xb6fa3000
mprotect(0xb6fa9000,32768,无保护)=0
mmap2(0xB6FB10008192,保护读写,映射私有,映射固定,映射DENYWRITE,3,0x6)=0xb6fb1000
关闭(3)=0
open(“/lib/libnsl.so.1”,O|RDONLY | O|u CLOEXEC)=3
读取(3),“\177ELF\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0p/\361F4\0\0\0”…,512)=512
fstat64(3,{st_mode=S_IFREG | 0755,st_size=73264,…})=0
mmap2(0x46f10000,112464,保护读取,保护执行,映射私有,映射DENYWRITE,3,0)=0x46f10000
mprotect(0x46f21000、28672、PROT_NONE)=0
mmap2(0x46f28000,8192,保护读取|保护写入,映射私有|映射固定|映射DENYWRITE,3,0x10)=0x46f28000
mmap2(0x46f2a000,5968,保护读写,映射私有,映射固定,映射匿名,-1,0)=0x46f2a000
关闭(3)=0
mprotect(0x46f28000,4096,保护读取)=0
议员