perl 代码的值是:ex.pl
system("cat /etc/shadow");
我把上面的文件改成 root (chown root ex.pl)。我的问题是,如果组中的用户(例如:apache)执行上述 perl 文件,那么影子文件将迎合他吗?提前致谢 。
问问题
387 次
2 回答
2
You should try it yourself. To understand why it doesn't work:
/etc/shadow usually has permissions like this:
[cnicutar@fresh ~]$ ls -l /etc/shadow
-rw------- 1 root root 316 Jul 20 09:36 /etc/shadow
When you execute your script it doesn't matter who owns it (except when using setuid which you can't for scripts anyway).
The one thing that maters is who is executing it. So apache will execute the script and it will be considered "others": no permissions.
于 2011-07-29T21:15:01.577 回答
0
不,因为 perl 代码(CGI 脚本?)将以 apache 用户的权限执行。但是,如果您在 sudo 文件中有 apache 用户(或您的网络服务器的用户或任何正在执行您的代码的用户,如果它是一个守护进程),那么您可以执行 system("sudo cat /etc/shadow"); 那会奏效的。
于 2011-07-29T21:13:28.190 回答