Unable to execute a file despite having execute permission on it

I have clearly misunderstood some aspect of file permissions.

I am trying to execute a binary compiled with g++ from the modules directory of a Drupal installation on a Linux machine: /var/www/html/modules

uname -a
Linux <redacted> 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

If I run ls -al in the modules directory, I can see that I have full permissions on the file (as user apache):

whoami
apache

pwd
/var/www/html/modules

ls -al
total 108
drwxrwxrwx. 42 apache apache  4096 May  8 17:03 .
drwxrwxrwx.  9 apache apache  4096 May  8 16:49 ..
. . .
-rwxrwxrwx.  1 apache apache 46016 May  8 16:38 my_binary

cd ../..
ls -al
total 8
drwxr-xr-x.  4 root   root     33 Dec  3 10:31 .
drwxr-xr-x. 21 root   root   4096 Dec 11 18:49 ..
drwxr-xr-x.  2 root   root      6 Nov 16 16:19 cgi-bin
drwxrwxrwx.  9 apache apache 4096 May  8 16:49 html

Here is the distribution information:

cat /proc/version
Linux version 3.10.0-1160.6.1.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Tue Nov 17 13:59:11 UTC 2020

For completeness, here is file run on the file:

file my_binary
my_binary: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), BuildID[sha1]=e7fb75e11b7234dc1129e9502304fcc7440fd788, for GNU/Linux 3.2.0, not stripped

Also, if I check mount | grep noexec, the current directory does not appear to show up in the results:

mount | grep noexec
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuacct,cpu)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,net_prio,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,freezer)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,devices)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)

And, as suggested in the comments, here are the results of cat /proc/mounts | grep noexec:

cat /proc/mounts | grep noexec
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,seclabel,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,seclabel,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,seclabel,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,seclabel,nosuid,nodev,noexec,relatime,cpuacct,cpu 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,seclabel,nosuid,nodev,noexec,relatime,net_prio,net_cls 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,seclabel,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,seclabel,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/pids cgroup rw,seclabel,nosuid,nodev,noexec,relatime,pids 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,seclabel,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,seclabel,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,seclabel,nosuid,nodev,noexec,relatime,devices 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0

Nevertheless, trying to run the file still gives a permission error:

./my_binary
bash: line 84: ./my_binary: Permission denied

What might be the problem here, or how can I diagnose further what is causing the permission issue?

I am obliged to say that I ran into this while doing a (simple) Hack the Box challenge. However, I am working through the challenge in order to learn, and this is a hurdle I really want to learn from.

Answer 1

Thanks to the hint from @Stéphane Chazelas, I think I have found the answer.

If I run sestatus, I get:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          error (Permission denied)
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

So there is additional protection in place. If I then run ls -alZ to show the SELinux policy applied to the file, I see:

ls -alZ
drwxrwxrwx. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 .
drwxr-xr-x. root   root   system_u:object_r:httpd_sys_content_t:s0 ..
. . .
drwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 modules

I believe httpd_sys_rw_content_t means the file is only allowed to be read and written, regardless of file permissions. So I need to find a way around this restriction (or I am heading in a completely wrong direction).
