phpÒÔrootȨÏÞÖ´ÐеĽâ¾ö·½°¸Ö®Ò»

ÕâÖÖÎÊÌâÎÒÏë´ó¼Ò¿ÉÄܶ¼Óöµ½¹ý£¬ÍøÓÑÌṩµÄ½â¾ö·½·¨Ò²ºÜ¶à¡£ÎÒÒ²Ö»ÊǽáºÏ×Ô¼ºÏµÍ³µÄÐèÇó²¢½áºÏÍøÓѵĽâ¾ö·½°¸À´×ܽáµÄÒ»ÖÖ·½·¨
ÓÃÀ´×÷Ϊ½â¾öphpÒÔrootȨÏÞÖ´ÐÐһЩÆÕͨÓû§²»ÄÜÖ´ÐеÄÃüÁî»òÓ¦ÓõIJο¼¡£
ÆäʵphpÀïµÄpopen()º¯ÊýÊÇ¿ÉÒÔ½â¾öÕâ¸öÎÊÌâµÄ£¬µ«ÊÇÓÉÓÚijЩ°æ±¾µÄlinux(ÈçÎÒʹÓõÄCentos 5)¶Ôϵͳ°²È«µÄ¿¼ÂÇ£¬
ʹµÃÕâ¸öÎÊÌâ½â¾öÆðÀ´Âé·³Á˺öࡣÏÈÀ´¿´Ò»¸öÍøÓÑʹÓÃpopen()º¯ÊýµÄÀý×Ó¡£
/* PHPÖÐÈçºÎÔö¼ÓÒ»¸öϵͳÓû§
ÏÂÃæÊÇÒ»¶ÎÀý³Ì£¬Ôö¼ÓÒ»¸öÃû×ÖΪjamesµÄÓû§,
rootÃÜÂëÊÇ louis¡£½ö¹©²Î¿¼
*/
$sucommand = "su root --command";
$useradd = "/scripts/demo/runscripts.php";
$rootpasswd = "louis";
$user = "james";
$user_add = sprintf("%s %s",$sucommand,$useradd);
$fp = @popen($user_add,"w");
@fputs($fp,$rootpasswd);
@pclose($fp); 
¾­¹ý×Ô¼ºµÄ²âÊÔ£¬Ö¤Êµ´Ë¶Î´úÂëÊDz»ÄÜʵÏÖ£¨ÖÁÉÙÔÚÎÒµÄϵͳÀïÊÇÕâÑùµÄ£©×÷ÕßÏëÒª»ñµÃµÄ½á¹ûµÄ¡£¾­¹ý×Ô¼ººÜ³¤Ê±¼äµÄgoogleÖ®ºó£¬
ÎÊÌâµÄ¹Ø¼üÊÇsu rootÕâ¸öÃüÁîÐèÒªµÄÃÜÂë±ØÐëÒÔÖն˵ķ½Ê½ÊäÈ룬²»ÄÜͨ¹ýÆäËüµÄ·½Ê½£¨ÎÒÒ²²»ÖªµÀ»¹ÓÐûÓÐÆäËüµÄ·½Ê½£©»ñµÃ¡£
ÓÖÓÉÓÚÏîÄ¿ÒªÇó²»ÄÜʹÓÃÀàËÆÓÚsudoÕâÖÖÓ¦Óã¬ÎÞÄÎ֮ϣ¬ÎÒÑ¡ÔñÁËÍøÓÑÌá³öµÄÓñàдC³ÌÐòµÄ·½·¨À´½â¾ö´ËÎÊÌâ¡£
Ê×ÏÈд¸öC³ÌÐò£¬ÃüÃûΪ:run.c ·ÅÔÚĿ¼/scripts/demo/ÏÂ
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main()
{
uid_t uid ,euid;
//char cmd[1024]; //±äÁ¿ÔÝʱδʹÓÃ
uid = getuid() ;
euid = geteuid();
printf("my uid :%u\n",getuid()); //ÕâÀïÏÔʾµÄÊǵ±Ç°µÄuid ¿ÉÒÔ×¢Ê͵ô.
printf("my euid :%u\n",geteuid()); //ÕâÀïÏÔʾµÄÊǵ±Ç°µÄeuid
if(setreuid(euid, uid)) //½»»»ÕâÁ½¸öid
perror("setreuid");
printf("after setreuid uid :%u\n",getuid());
printf("afer sertreuid euid :%u\n",geteuid());
system("/scripts/demo/runscripts.php"); //Ö´Ðнű¾
return 0;
}
±àÒë¸ÃÎļþ£º
gcc -o run -Wall run.c
 
Ôڸ÷¾¶ÏÂÉú³ÉrunÎļþ£¬Õâ¸ö¿ÉÖ´ÐÐÎļþ¡£Èç¹ûÏÖÔÚÓ