AIX LIBPATH 和 STICKY BIT 设置
我有可以正常运行的可执行文件。它加载一个共享库。我在启动该 exe 之前设置了 LIBPATH。 现在,如果我将 exe 的权限更改为 root 拥有并设置粘性位,则它无法加载共享库。 如果我在 /usr/lib 中创建到共享库的链接,则一切正常。
此问题的任何原因和解决方案。
I have executable which runs fine in normal way. It loads a shared library. and I setting LIBPATH before launching that exe.
Now If I change the permission of the exe to owned by root and set sticky bit, then it fails to load the shared library.
If I create link in /usr/lib to the shared library everything works fine.
Any reason and solution for this problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是一项安全功能 - 当运行设置了粘性位的内容时,不会使用用户环境中的
LIBPATH。如果它允许您在设置了 suid 的可执行文件上使用用户设置的LIBPATH,则有人可能会加载恶意库来危害系统。另请注意,Linux 系统中也存在此安全功能 - 在运行粘性位可执行文件时,用户环境中的 LD_LIBRARY_PATH 将被忽略。
可能的解决方案
1 - 一种解决方案是授予用户
sudo权限来执行该命令,在这种情况下,您可以执行以下操作:sudo LIBPATH=" ..." 可执行文件2 - 另一种解决方案是创建一个设置
LIBPATH的 shell 脚本,然后执行可执行文件,并在 shell 脚本上设置粘滞位,如下所示...It's a security feature -
LIBPATHfrom your user environment is not used when running something with the sticky bit set. If it allowed you to use a user-setLIBPATHon an executable with suid set on it, someone could load a malicious library to compromise the system.Also note that this security feature exists in Linux systems as well -
LD_LIBRARY_PATHfrom a user's environment will be ignored when running a sticky-bit executable.Possible Solutions
1 - One solution is to grant a user
sudoprivilege to execute that command, in which case you could do something like...sudo LIBPATH="..." executable2 - Another solution is to create a shell script that sets
LIBPATHand then executes the executable, and set the sticky bit on your shell script, like this...