Set-UID实验

//csdn博客目前暂时不再更新了，有兴趣请访问我的技术博客-晓的博客：zhangxiaolong.org 

写这个blog主要是对自己学习的内容进行一个总结和记录，希望对学习这些知识的同道之人有所帮助，第一次写博文，经验有所不足，我会慢慢练习。

实验操作我是参照了一位比较厉害的师兄，他的set_uid blog：http://blog.sina.com.cn/s/blog_70dd16910100pz8k.html。希望对大家有所帮助。

这个实验是信息安全实验的第一个实验，共有7个task，每一个task都有截图作为步骤。

1.  Figure out why "passwd", "chsh", "su", and "sudo" commands need to be Set-UIDprograms. What will happen if they are not? If you are not familiar with these programs, you should first learn what they can do by reading their manuals. Please copy these commands to your owndirectory; the copies will not be Set-UID programs. Run the copied programs, and observe whathappens.

实验截图如下：

                                                   图 1

                                                       图 2

   由图1，图2所示：拷贝到/home/seed下的passwd程序，没有了root权限，这样就没有了修改密码的权限。同样chsh su等等同样的道理。

2.  Run Set-UID shell programs in Linux, and describe and explain your observations.

(a) Login as root, copy /bin/zsh to /tmp, and make it a set-root-uid program with permission4755. Then login as a normal user, and run /tmp/zsh. Will you get root privilege? Please describe your observation. If you cannot find /bin/zsh in your operating system, please use the following command to install it:_ Note: in our pre-built Ubuntu VM image, zsh is already installed.

su

Password: (enter root password)

 yum install zsh

 For Ubuntu

$ su

Password: (enter root password)

apt-get install zsh

                                          图 3

由图3示，可以获得root权限

(b) Instead of copying /bin/zsh, this time, copy /bin/bash to /tmp, make it a set-root-uidprogram. Run /tmp/bash as a normal user. will you get root privilege? Please describe andexplain your observation.

                                             图 4

由图4示获得不了root权限，，从实验中可以看出/bin/bash有某种内在的保护机制可以阻止Set-UID机制的滥用。

3. (Setup for the rest of the tasks) As you can find out from the previous task,