Why does sudo fail when run under strace?

I can run this command without any problem.

/tmp $ sudo echo "hello world"
hello world

But this command fails:

/tmp $ strace -o /tmp/out.log sudo echo "hello world"
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

The error message is supposedly caused by the filesystem configuration.

So the question boils down to: how does strace affect sudo such that some nosuid filesystem becomes relevant?

The current working directory is /tmp.

/tmp $ df .
Filesystem     1K-blocks     Used Available Use% Mounted on
/dev/tmpn1p1 101584140 60379868  41187888  60% /
/tmp $ mount | grep tmpn1p1
/dev/tmpn1p1 on / type ext4 (rw,relatime,discard,data=ordered)

Answer 1

sudo must run as root, and it uses the Set UID bit to achieve this (---s------, or 0o4000 in octal, as shown below). When that bit is set, the program always executes as its owning user rather than as the currently logged-in user.

$ ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 149080 Jan 31  2020 /usr/bin/sudo
$ stat -c '%a' /usr/bin/sudo
4755

When you run sudo via strace, you will find that strace calls a variant of exec() that does not honor the set-UID bit, so sudo does not run as root, as shown here:

$ strace -e execve sudo echo "hello world"
execve("/usr/bin/sudo", ["sudo", "echo", "hello world"], 0x7fffc171e2e0 /* 36 vars */) = 0
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
+++ exited with 1 +++

Reversing the order of strace and sudo achieves what you want, as long as you are not trying to inspect the operation of sudo itself:

$ sudo strace -e execve echo "hello world"
[sudo] password for attie:
execve("/bin/echo", ["echo", "hello world"], 0x7ffc300dbb28 /* 17 vars */) = 0
hello world
+++ exited with 0 +++

The fundamental issue here is that strace uses ptrace(), and in that state the set-UID bit cannot be honored, otherwise there would be a security problem.

The same thing happens when running under gdb:

$ gdb sudo -ex 'run echo "hello world"' -ex quit
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sudo...(no debugging symbols found)...done.
Starting program: /usr/bin/sudo echo "hello world"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
[Inferior 1 (process 27480) exited with code 01]
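To make the answer above concrete, here is a small added diagnostic program (example code, not part of the original answer and not from the sudo or strace projects). Compiled and installed set-uid root (assumed here: `chown root:root` and `chmod u+s` on the resulting binary), it reports its real and effective UID together with the TracerPid field from /proc/self/status, so an administrator can tell a "lost" set-UID caused by a tracer (strace, gdb) apart from one caused by a nosuid or NFS mount, which is exactly the ambiguity in sudo's error message. The function and enum names are this example's own; the /proc/self/status format is the standard Linux one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Parse the "TracerPid:" field out of a /proc/<pid>/status text.
 * Returns the tracer's PID, 0 when nobody is tracing the process,
 * and -1 when the field is absent (e.g. not a Linux procfs). */
int tracer_pid_from_status(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (p == NULL)
        return -1;
    return (int)strtol(p + strlen("TracerPid:"), NULL, 10);
}

/* Read /proc/self/status for the running process and return its TracerPid. */
int tracer_pid_self(void) {
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    char buf[8192];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

/* Why a set-uid-root binary does (or does not) have effective UID 0. */
typedef enum {
    SUID_OK,             /* euid is 0: the set-UID bit was honored */
    SUID_LOST_TRACED,    /* euid is not 0 and a tracer is attached: ptrace dropped it */
    SUID_LOST_UNTRACED   /* euid is not 0 and nobody is tracing: check nosuid / NFS / mode bits */
} suid_state;

suid_state classify(uid_t euid, int tracer_pid) {
    if (euid == 0)
        return SUID_OK;
    if (tracer_pid > 0)
        return SUID_LOST_TRACED;
    return SUID_LOST_UNTRACED;
}

/* Human-readable explanation for each state. */
const char *explain(suid_state s) {
    switch (s) {
    case SUID_OK:
        return "effective uid is 0; set-UID bit was honored";
    case SUID_LOST_TRACED:
        return "effective uid is not 0 and the process is being traced; "
               "the kernel refuses set-UID privilege under ptrace";
    default:
        return "effective uid is not 0 and no tracer is attached; "
               "check for a nosuid mount, an NFS mount without root, or a missing s bit";
    }
}

int main(void) {
    int tp = tracer_pid_self();
    uid_t ruid = getuid();
    uid_t euid = geteuid();
    suid_state s = classify(euid, tp);
    printf("ruid=%u euid=%u tracer_pid=%d: %s\n",
           (unsigned)ruid, (unsigned)euid, tp, explain(s));
    return s == SUID_OK ? 0 : 1;
}
```

Run it directly and under `strace -o /dev/null ./suidcheck`: with the set-UID bit installed, the first run reports euid=0, while the traced run reports euid equal to the real UID and a non-zero tracer_pid, which is the same behaviour the answer observed with sudo.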
