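There is a file whose owning user and owning group are both root.
A program is then started as root; its code calls setuid and setgid to lower its privileges and then tries to read the file's contents, and the file can still be read. The C code is as follows: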
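#include <cstdio>     // perror
#include <cstdlib>    // system
#include <fstream>
#include <iostream>
#include <string>
#include <unistd.h>
#include <sys/fsuid.h>

int main() {
    // Change the group IDs first, then the user IDs, and stop if either call fails.
    if (setregid(1001, 1001) != 0) { perror("setregid"); return 1; }
    if (setreuid(1001, 1001) != 0) { perror("setreuid"); return 1; }

    // Print the resulting credentials.
    std::cout << "euid:" << geteuid() << std::endl;
    std::cout << "egid:" << getegid() << std::endl;
    std::cout << "uid:" << getuid() << std::endl;
    std::cout << "gid:" << getgid() << std::endl;

    // Read the file through a child process...
    system("cat edmond");

    // ...and directly from this process.
    std::ifstream ifile;
    ifile.open("edmond", std::ios::in);
    if (!ifile) {
        std::cout << "fail" << std::endl;
    } else {
        std::cout << "ok" << std::endl;
        std::string line;
        // Loop on getline itself so the last line is not printed twice at EOF.
        while (std::getline(ifile, line)) {
            std::cout << line << std::endl;
        }
    }
    return 0;
}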
The program's output is then as follows:
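An added example, not part of the original post: a C check of the classic mode-bit read decision for a non-root process, which shows how a file owned by root:root can stay readable after `setregid`/`setreuid`, since those calls leave the supplementary group list untouched and the "other" bits apply to everyone else. `read_class` and `explain_read` are hypothetical names; ACLs and capabilities are not modelled, and whether gid 0 remains in the supplementary groups depends on how the program was started, which the post does not show.

```c
/* Added example: which permission class lets a non-root process read a file.
 * Models classic Unix mode bits only (no ACLs, no capabilities, euid != 0). */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum read_via { READ_DENIED = 0, READ_OWNER, READ_GROUP, READ_OTHER };

/* Exactly one class applies: owner, else group, else other.
 * The group class matches the effective gid OR any supplementary group. */
enum read_via read_class(uid_t euid, gid_t egid, const gid_t *supp, int nsupp,
                         uid_t f_uid, gid_t f_gid, mode_t mode)
{
    if (euid == f_uid)
        return (mode & S_IRUSR) ? READ_OWNER : READ_DENIED;
    int in_group = (egid == f_gid);
    for (int i = 0; i < nsupp && !in_group; i++)
        in_group = (supp[i] == f_gid);
    if (in_group)
        return (mode & S_IRGRP) ? READ_GROUP : READ_DENIED;
    return (mode & S_IROTH) ? READ_OTHER : READ_DENIED;
}

/* Evaluate the calling process against a path; returns -1 on error. */
int explain_read(const char *path)
{
    static const char *names[] = { "denied", "owner bits", "group bits", "other bits" };
    struct stat st;
    gid_t supp[256];
    if (stat(path, &st) != 0) { perror("stat"); return -1; }
    int n = getgroups(256, supp);   /* supplementary groups still held */
    if (n < 0) { perror("getgroups"); return -1; }
    enum read_via v = read_class(geteuid(), getegid(), supp, n,
                                 st.st_uid, st.st_gid, st.st_mode);
    printf("%s: mode %04o owner %u:%u, euid %u egid %u, %d supplementary groups -> %s\n",
           path, (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid, (unsigned)st.st_gid,
           (unsigned)geteuid(), (unsigned)getegid(), n, names[v]);
    return (int)v;
}

int main(int argc, char **argv)
{
    /* Path defaults to the file name used in the post. */
    return explain_read(argc > 1 ? argv[1] : "edmond") < 0;
}
```

Calling `explain_read("edmond")` right after the two set*id calls in the posted program reports which class grants the read; a "group bits" result with egid 1001 means a supplementary group is still matching, which `setgroups()` called while still root would clear.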