What happens when a non-root user sends signals to a root user's process?

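I am wondering about the security of UNIX signals.

SIGKILL will kill the process. So, what happens when a non-root user's process sends a signal to a root user's process? Does the process still carry out the signal handler?

I followed the accepted answer (gollum's), then typed man capabilities, and found a lot of things about the Linux kernel. From man capabilities: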

NAME

   capabilities - overview of Linux capabilities
DESCRIPTION

   For the purpose of performing permission checks, traditional UNIX
   implementations distinguish two categories of processes: privileged
   processes (whose effective user ID is 0, referred to as superuser or
   root), and unprivileged processes (whose effective UID is nonzero).
   Privileged processes bypass all kernel permission checks, while
   unprivileged processes are subject to full permission checking based
   on the process's credentials (usually: effective UID, effective GID,
   and supplementary group list).

   Starting with kernel 2.2, Linux divides the privileges traditionally
   associated with superuser into distinct units, known as capabilities,
   which can be independently enabled and disabled.  Capabilities are a
   per-thread attribute.

Answer 1

On Linux it depends on the file capabilities.

Take the following simple mykill.c source:

#include <stdio.h>
#include <sys/types.h>
#include <signal.h>
#include <stdlib.h>

void exit_usage(const char *prog) {
        printf("usage: %s -<signal> <pid>\n", prog);
        exit(1);
}

int main(int argc, char **argv) {
        pid_t pid;
        int sig;

        if (argc != 3)
                exit_usage(argv[0]);

        sig = atoi(argv[1]);
        pid = atoi(argv[2]);

        if (sig >= 0 || pid < 2)
                exit_usage(argv[0]);

        if (kill(pid, -sig) == -1) {
                perror("failed");
                return 1;
        }
        printf("successfully sent signal %d to process %d\n", -sig, pid);

        return 0;
}

Build it:

gcc -Wall mykill.c -o /tmp/mykill

Now, as the root user, start a sleep process in the background:

root@horny:/root# /bin/sleep 3600 &
[1] 16098

Now, as a normal user, try to kill it:

demouser@horny:/home/demouser$ ps aux | grep sleep
root     16098  0.0  0.0  11652   696 pts/20   S    15:06   0:00 sleep 500

demouser@horny:/home/demouser$ /tmp/mykill -9 16098
failed: Operation not permitted

Now, as the root user, change the /tmp/mykill capabilities:

root@horny:/root# setcap cap_kill+ep /tmp/mykill

Then try again as a normal user:

demouser@horny:/home/demouser$ /tmp/mykill -9 16098
successfully sent signal 9 to process 16098

Finally, please delete /tmp/mykill for obvious reasons ;)

Answer 2

Nothing:

strace kill -HUP 1
[...]
kill(1, SIGHUP)    = -1 EPERM (Operation not permitted)
[...]

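Answer 3

The kill(2) man page explains:

Linux Notes

Across different kernel versions, Linux has enforced different rules for the permissions required for an unprivileged process to send a signal to another process. In kernels 1.0 to 1.2.2, a signal could be sent if the effective user ID of the sender matched the effective user ID of the receiver, or the real user ID of the sender matched the real user ID of the receiver. From kernel 1.2.3 until 1.3.77, a signal could be sent if the effective user ID of the sender matched either the real or the effective user ID of the receiver. The current rules, which conform to POSIX.1-2001, were adopted in kernel 1.3.78.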
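
The permission check that Answers 1 and 3 refer to, as an added example that is not part of the original posts: it models the current rule as worded in kill(2), reads the caller's effective CAP_KILL bit from /proc/self/status, and probes a target with the null signal (signal 0), which runs the permission check without delivering anything. The function names are hypothetical, and the UID rule is taken from the current kill(2) man page rather than from the text quoted above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_KILL_BIT 5 /* CAP_KILL's number in <linux/capability.h> */

/* kill(2): sender needs CAP_KILL, or its real or effective UID must equal the
 * target's real or saved set-user-ID. (SIGCONT same-session case not modeled.) */
int rule_allows(uid_t s_ruid, uid_t s_euid, int s_cap_kill,
                uid_t t_ruid, uid_t t_suid) {
    if (s_cap_kill) return 1;
    return s_ruid == t_ruid || s_ruid == t_suid ||
           s_euid == t_ruid || s_euid == t_suid;
}

/* Does a capability mask, as printed in /proc/<pid>/status, include CAP_KILL? */
int mask_has_cap_kill(unsigned long long mask) {
    return (int)((mask >> CAP_KILL_BIT) & 1ULL);
}

/* Read this process's effective capability mask; returns 0 if unavailable. */
unsigned long long own_cap_eff(void) {
    unsigned long long mask = 0;
    char line[256];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &mask) == 1) break;
    fclose(f);
    return mask;
}

/* Null-signal probe: 1 = permitted, 0 = EPERM, -1 = no such process or other error. */
int probe(pid_t pid) {
    if (kill(pid, 0) == 0) return 1;
    return errno == EPERM ? 0 : -1;
}

int main(int argc, char **argv) {
    pid_t pid = argc > 1 ? (pid_t)atoi(argv[1]) : getpid();
    if (pid < 1) return 2; /* 0 and negative PIDs address process groups */
    printf("CAP_KILL effective: %d\n", mask_has_cap_kill(own_cap_eff()));
    printf("may signal %d: %d\n", (int)pid, probe(pid));
    return 0;
}
```

Run as a normal user against a root-owned PID, the probe reports 0 (EPERM), matching the strace output in Answer 2; with cap_kill+ep set on the binary, both lines report 1.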

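Answer 4

The signal would be carried, but the process owner is root. Therefore the other user does not have the right to terminate the process, so you will get a permission error.

Terminating the process is possible only when you have ownership (proper rights) of the process.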
