Spotify 官方应用程序能够以非 root 用户身份获取 root 权限

Spotify 官方应用程序能够以非 root 用户身份获取 root 权限
OS: Debian 11 5.10.0-22-amd64 #1 SMP Debian 5.10.178-3 (2023-04-22) x86_64 GNU/Linux
KDE Plasma 5.20.5
Spotify: spotify-client/stable,now 1:1.2.8.923.g4f94bf0d amd64 [installed]

我发现 Spotify 客户端发生了一件有趣的事情。为了解决客户端始终停留在全屏模式的问题,我正在编辑位于的首选项文件。~/.config/spotify/prefs 在编辑窗口首选项的值并保存后,启动 Spotify 客户端会用之前的更改覆盖这些更改。

为了尝试测试是否可以让窗口退出全屏,我将文件的所有权更改为 root,并且chmod 444.但是在启动 Spotify 客户端(作为我的非 root 用户)时,首选项文件被从 root 更改为我的用户。

root@localhost:/home/ehammer/.config/spotify# ls -l
total 12
-rw-r--r-- 1 ehammer ehammer 1265 May 13 09:39  prefs
drwx------ 4 ehammer ehammer 4096 Feb 12  2022 'User Data'
drwxrwxr-x 3 ehammer ehammer 4096 Feb 12  2022  Users
root@localhost:/home/ehammer/.config/spotify# ps -Helf | grep spotify
4 S root       39890   39357  0  80   0 -  1560 -      09:45 pts/1    00:00:00               grep spotify
root@localhost:/home/ehammer/.config/spotify# nano prefs 
root@localhost:/home/ehammer/.config/spotify# ls -lisa
total 20
19794776 4 drwx------  4 ehammer ehammer 4096 May 13 09:46  .
19791874 4 drwxr-xr-x 43 ehammer ehammer 4096 May 13 09:43  ..
19806299 4 -rw-r--r--  1 ehammer ehammer 1233 May 13 09:46  prefs
19794777 4 drwx------  4 ehammer ehammer 4096 Feb 12  2022 'User Data'
19795125 4 drwxrwxr-x  3 ehammer ehammer 4096 Feb 12  2022  Users
root@localhost:/home/ehammer/.config/spotify# chown root:root prefs
root@localhost:/home/ehammer/.config/spotify# chmod 444 prefs
root@localhost:/home/ehammer/.config/spotify# ls -lisa
total 20
19794776 4 drwx------  4 ehammer ehammer 4096 May 13 09:46  .
19791874 4 drwxr-xr-x 43 ehammer ehammer 4096 May 13 09:43  ..
19806299 4 -r--r--r--  1 root         root         1233 May 13 09:46  prefs
19794777 4 drwx------  4 ehammer ehammer 4096 Feb 12  2022 'User Data'
19795125 4 drwxrwxr-x  3 ehammer ehammer 4096 Feb 12  2022  Users
root@localhost:/home/ehammer/.config/spotify# ps -Helf | grep spotify
4 S root       40089   39357  0  80   0 -  1560 -      09:46 pts/1    00:00:00               grep spotify
0 S ehammer   39903    1580 21  80   0 - 889253 -     09:46 ?        00:00:01     /usr/share/spotify/spotify
0 S ehammer   39907   39903  0  80   0 - 99941 -      09:46 ?        00:00:00       /usr/share/spotify/spotify --type=zygote --no-zygote-sandbox --no-sandbox --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --lang=en --user-data-dir=/home/ehammer/.config/spotify/User Data --log-file=/usr/share/spotify/debug.log
1 S ehammer   39929   39907  5  80   0 - 1054195 -    09:46 ?        00:00:00         /usr/share/spotify/spotify --type=gpu-process --no-sandbox --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --lang=en --user-data-dir=/home/ehammer/.config/spotify/User Data --gpu-preferences=WAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAABAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file=/usr/share/spotify/debug.log --shared-files --field-trial-handle=0,i,10976918143839319429,9883613349491165854,131072 --disable-features=BackForwardCache
0 S ehammer   39908   39903  0  80   0 - 99943 -      09:46 ?        00:00:00       /usr/share/spotify/spotify --type=zygote --no-sandbox --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --lang=en --user-data-dir=/home/ehammer/.config/spotify/User Data --log-file=/usr/share/spotify/debug.log
1 S ehammer   39987   39908  0  80   0 - 155341 -     09:46 ?        00:00:00         /usr/share/spotify/spotify --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --proxy-server=direct:// --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --lang=en --user-data-dir=/home/ehammer/.config/spotify/User Data --log-file=/usr/share/spotify/debug.log --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,i,10976918143839319429,9883613349491165854,131072 --disable-features=BackForwardCache
1 S ehammer   40065   39908 44  80   0 - 13148967 -   09:46 ?        00:00:02         /usr/share/spotify/spotify --type=renderer --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --disable-spell-checking --user-data-dir=/home/ehammer/.config/spotify/User Data --first-renderer-process --no-sandbox --log-file=/usr/share/spotify/debug.log --lang=en-US --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1683982549076978 --launch-time-ticks=3057595647 --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,i,10976918143839319429,9883613349491165854,131072 --disable-features=BackForwardCache
0 S ehammer   39995   39903  3  80   0 - 260094 -     09:46 ?        00:00:00       /usr/share/spotify/spotify --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --proxy-server=direct:// --log-severity=disable --user-agent-product=Chrome/111.0.5563.65 Spotify/1.2.8.923 --lang=en --user-data-dir=/home/ehammer/.config/spotify/User Data --log-file=/usr/share/spotify/debug.log --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,i,10976918143839319429,9883613349491165854,131072 --disable-features=BackForwardCache
root@localhost:/home/ehammer/.config/spotify# ls -lisa
total 20
19794776 4 drwx------  4 ehammer ehammer 4096 May 13 09:46  .
19791874 4 drwxr-xr-x 43 ehammer ehammer 4096 May 13 09:43  ..
19812078 4 -rw-r--r--  1 ehammer ehammer 1233 May 13 09:46  prefs
19794777 4 drwx------  4 ehammer ehammer 4096 Feb 12  2022 'User Data'
19795125 4 drwxrwxr-x  3 ehammer ehammer 4096 Feb 12  2022  Users

ps 输出中的调试日志不存在,但有一些日志条目:

May 13 09:47:01 localhost systemd[1377]: app-spotify-4ebf47d306f04211acbf7b15afdef435.scope: Consumed 4.087s CPU time.
May 13 09:47:01 localhost systemd[1377]: app-spotify-4ebf47d306f04211acbf7b15afdef435.scope: Succeeded.
May 13 09:46:46 localhost dbus-daemon[1397]: [session uid=1000 pid=1397] Activating service name='org.kde.kwalletd5' requested by ':1.103' (uid=1000 pid=39903 comm="/usr/share/spotify/spotify ")
May 13 09:46:46 localhost dbus-daemon[1397]: [session uid=1000 pid=1397] Activating service name='org.kde.kwalletd5' requested by ':1.103' (uid=1000 pid=39903 comm="/usr/share/spotify/spotify ")
May 13 09:46:46 localhost systemd[1377]: Started Spotify - Music Player.

systemd 或 dbus 是否允许它执行超级用户操作?我的非 root 用户确实具有 sudo 访问权限,但只能使用密码。 kwallet 是否能够将这些 sudo 权限传递给请求它的进程?

我不知道非 root 用户进程如何以任何方式更改 root 拥有的只读文件?

答案1

应用程序不需要 root 权限来执行此操作:如果它可以写入包含的目录,则它可以删除 root 拥有的文件并将其替换为自己的文件。请注意,文件的索引节点已更改:这意味着原始文件已被删除。

相关内容