id_change = 1;<br> } <br> if (id_change) {<br> /* We can't suid-execute if we're sharing parts of the executable */<br> /* or if we're being traced (or if suid execs are not allowed) */<br> /* (current->mm->count > 1 is ok, as we'll get a new mm anyway) */<br> if (IS_NOSUID(bprm->inode)<br> ` || (current->flags & PF_PTRACED)<br> || (current->fs->count > 1)<br> || (current->sig->count > 1)<br> || (current->files->count > 1)) {<br> if (!suser())<br> return -EPERM;<br> }<br> }<br> memset(bprm->buf,0,sizeof(bprm->buf));<br> return read_exec(bprm->inode,0,bprm->buf,128,1);<br> </font><font FACE="宋体" size="3">/* 读入可执行文件的头 128 个 byte 到 bprm->buf 中 */<br> }</font><font FACE="宋体" SIZE="2"><br> <br> </font><font FACE="宋体" size="3"> ///* 其中,read_exec()函数中有如下语句:<br> / * read_exec(struct inode *inode, ...)<br> / * ......<br> / * file.f_inode = inode;<br> / * .......<br> / * result = file.f_op->read(inode, &file, addr, count);<br> / * .......<br> */</font><font FACE="宋体" SIZE="2"></p> </font><font face="宋体" size="2" color="#ff0000"><p><img src="dot2.jpg" alt="dot2.bmp (278 bytes)" WIDTH="10" HEIGHT="11"> </font><font FACE="宋体" color="#0080C0" size="4"><em><strong>函数 copy_string():</strong></em></font><font FACE="宋体" SIZE="2"></p> <p><font face="宋体" size="2" color="#ff0000">/* this is in file linux/fs/exec.c */</font></p> <p>/*<br> * 'copy_string()' copies argument/envelope strings from user<br> * memory to free pages in kernel mem. These are in a format ready<br> * to be put directly into the top of new user memory.<br> *<br> * Modified by TYT, 11/24/91 to add the from_kmem argument, which specifies<br> * whether the string and the string array are from user or kernel segments:<br> * from_kmem argv * argv **<br> *<br> * 0 user space user space<br> * 1 kernel space user space<br> * 2 kernel space kernel space<br> * <br> * We do this by playing games with the fs segment register. 
Since it<br> * is expensive to load a segment register, we try to avoid calling<br> * set_fs() unless we absolutely have to.<br> */</p> <p>/*<br> * cycle the list of binary formats handler, until one recognizes the image<br> */<br> int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)<br> {<br> int try,retval=0;<br> struct linux_binfmt *fmt;<br> #ifdef __alpha__<br> /* handle /sbin/loader.. */<br> {<br> struct exec * eh = (struct exec *) bprm->buf;<br> if (!bprm->loader && eh->fh.f_magic == 0x183 &&<br> (eh->fh.f_flags & 0x3000) == 0x3000)<br> {<br> char * dynloader[] = { "/sbin/loader" };<br> iput(bprm->inode);<br> bprm->dont_iput = 1;<br> remove_arg_zero(bprm);<br> bprm->p = copy_strings(1, dynloader, bprm->page, bprm->p,2);bprm->argc++;<br> bprm->loader = bprm->p;<br> retval = open_namei(dynloader[0], 0, 0, &bprm->inode, NULL);<br> if (retval)<br> return retval;<br> bprm->dont_iput = 0;<br> retval = prepare_binprm(bprm);<br> if (retval<0)<br> return retval;<br> /* should call search_binary_handler recursively here,<br> but it does not matter */<br> }<br> }<br> #endif<br> for (try=0; try<2; try++) {<br> for (fmt = formats ; fmt ; fmt = fmt->next) {<br> int (*fn)(struct linux_binprm *, struct pt_regs *) = fmt->load_binary;<br> if (!fn)<br> continue;<br> retval = fn(bprm, regs);<br> if (retval >= 0) {<br> if(!bprm->dont_iput)<br> iput(bprm->inode);<br> bprm->dont_iput=1; <br> current->did_exec = 1;<br> return retval;<br> }<br> if (retval != -ENOEXEC)<br> break;<br> if (bprm->dont_iput) /* We don't have the inode anymore*/<br> return retval;<br> }<br> if (retval != -ENOEXEC) {<br> break;<br> #ifdef CONFIG_KERNELD<br> }else{<br> #define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))<br> char modname[20];<br> if (printable(bprm->buf[0]) &&<br> printable(bprm->buf[1]) &&<br> printable(bprm->buf[2]) &&<br> printable(bprm->buf[3]))<br> break; /* -ENOEXEC */<br> sprintf(modname, "binfmt-%hd", *(short*)(&bprm->buf));<br> 
request_module(modname);<br> #endif<br> }<br> }<br> return retval;<br> }</p> </font><font face="宋体" size="2" color="#ff0000"><p>/* In the file linux/fs/inode.c */</font><font FACE="宋体" SIZE="2"></p> <p>void iput(struct inode * inode)<br> {<br> if (!inode)<br> return;<br> wait_on_inode(inode);<br> if (!inode->i_count) {<br>