请考虑这种情况,其中可执行文件A.bin使用libY.so和libZ.so. A.c,Y.c和Z.c均用C编写.Z.c和Y.c被编译成各自的.so文件.
Consider this scenario in which an executable A.bin uses libY.so and libZ.so. A.c, Y.c and Z.c are all written in C.Z.c and Y.c are compiled into respective .so files.
$ home/bin/A.bin$ home/lib/libY.so$ home/lib/libZ.so
当我以普通用户身份运行A.bin时,A.bin正常运行.注意:$ LD_LIBRARY_PATH包含$ home/lib
When I run A.bin as normal user, A.bin runs normally as expected.Note: $LD_LIBRARY_PATH contains $home/lib
I changed some code in A.c adding some functionality which needs admin privileges(like binding to a port less than 1000).I set the setuid bit for A.bin, libY.so and libZ.so to rwsrwsrws, and change the ownership of the files to root. When I try to run A.bin, I get the following error
ld.so.1: A.bin: fatal: libY.so: open failed: No such file or directoryKilled
When I just remove the setuid permission from all those files, then the binary runs except for the functionality fails where it needs root privileges.
操作系统为Solaris 5.10
The OS is Solaris 5.10
正如AProgrammer所说,在执行setuid程序时,$ LD_LIBRARY_PATH被忽略.因此,链接时必须使用此标志将路径硬编码到可执行文件本身中
As AProgrammer said, while executing setuid programs, $LD_LIBRARY_PATH is ignored. Hence the path has to be hardcoded in the executable itself using this flag while linking
gcc -R $ home/lib
gcc -R $home/lib
The -R flag builds runtime search path list into executable.
参考: http://www.justskins.com/forums/loading-shared-libraries-from-a-setuid-program-116597.html