UNIX system programming common library function description

xiaoxiao2021-03-06  98


UNIX systems provide programmers with a number of subroutines that give access to various security attributes. Some are information subroutines that return file attributes, the real and effective UID and GID, and so on. Some change file attributes, the UID, the GID and so on; some handle the password file and the group file; and some perform encryption and decryption. This article mainly discusses the security aspects of the system subroutines and the standard C library subroutines, how to write secure C programs, and program design for root (subroutines that only root can call).

The permission value (octal). For example:

    creat("/usr/pat/read_write", 0666)   /* create a file with permission mode 0666 */

The process calling this subroutine must have write and execute permission on the directory in which the file is created. The permission mode given to creat() is modified by the file creation mask set with umask(), and the owner and group of the new file are determined by the effective UID and GID. The return value is the file descriptor of the new file.

* fstat(): See stat().
* open(): Opens a file from within a C program. It requires two parameters: the file path name and the open mode (I, O, I&O). If the calling process does not have the correct access permission for the file to be opened (including every directory component of the file path), the call fails. If the file to be opened does not exist, the call fails unless the O_CREAT flag is set; in that case the access permission of the new file is given by the third parameter (and can be modified by the user's umask). Once the file is open, changing the access permission of the file or of its directory does not affect I/O operations on the file.
* read(): Reads information from a file that has been opened for input with open(). It does not care about the file's access permission: once the file has been opened for input, information can be read from it.
* write(): Writes information to a file that has been opened for output with open(). Like read(), it does not care about the file's access permission.

(2) Process control

* exec(): Includes execl(), execv(), execle(), execve(), execlp() and execvp(). It copies an executable image into the memory space occupied by the calling process. The program of the calling process ceases to exist and the new program takes its place. This is the only way to execute a program on a UNIX system: overlay the original program with the program to be executed.
  Security notes:
  . The real and effective UID and GID are passed by exec() to a program that has no SUID or SGID permission.
  . If the program being executed has SUID and SGID permission, the effective UID and GID are set to the owner or group of the program.
  . The file creation mask is passed to the new program.
  . Except for files that have the close-on-exec flag set, all open files are passed to the new program. The fcntl() subroutine can be used to set the close-on-exec flag.
* fork(): Creates a new process.
The child process created is an exact copy of the process that called fork() (except for the process ID).
  Security notes:
  . The child process inherits the real and effective UID and GID of the parent process.
  . The child process inherits the file creation mask.
  . All open files are passed to the child process.
* signal(): Lets a process handle unexpected events and interrupts that may occur. It requires two parameters: the signal number and the subroutine to call when the signal occurs. Signal numbers are defined in signal.h. The subroutine to call when the signal occurs can be written by the user, or a system-supplied value can be used, such as SIG_IGN (the signal is ignored) or SIG_DFL (the signal is handled in the system's default way). Many security-related programs disable the terminal interrupt signals (BREAK and DELETE) so that they cannot be interrupted from the user's terminal. Some signals make the process produce a core dump (an image of the process's memory at the moment the signal was received, which sometimes contains important information); this subroutine can be used to disable core dumps.

(3) File attributes

* access(): Checks whether the specified file can be accessed in the specified way. It requires two parameters: the file name and the access type to check (an integer). The access types are defined as follows:
    0: check whether the file exists
    1: check whether it can be executed (searched)
    2: check whether it can be written
    3: check whether it can be written and executed
    4: check whether it can be read
    5: check whether it can be read and executed
    6: check whether it can be read and written
  These numbers have the same meaning as the permission digits used in the chmod command. This subroutine uses the real UID and GID to check file access (normally the effective UID and GID are used to check file access).
  Return value: 0: permitted; -1: not permitted.
* chmod(): Changes the access permission mode of the specified file or directory to a new permission mode.
It requires two parameters: the file name and the new permission mode.
* chown(): Changes the owner UID and the group GID of the specified file at the same time (unlike the chown command). Because this subroutine changes the owner and the group of the file together, the SUID and SGID permissions of the file must be cleared, to prevent a user from creating SUID and SGID programs and then running chown() to obtain someone else's privileges.
* stat(): Returns the status (attributes) of a file. It requires two parameters: the file path name and a pointer to a structure in which the status information is placed. The structure is defined as follows:
    st_mode: file type and access permission mode
    st_ino: inode number
    st_dev: ID
    st_rdev: ID
    st_nlink: number of links to the file
    st_uid: UID of the file's owner
    st_gid: GID of the file's group
    st_size: file size
    st_atime: time of last access (read)
    st_mtime: time of last modification (write) and last status change
    st_ctime: time of last status change
  Return value: 0: success 1: failure
* umask(): Sets the file creation mask of the process and its child processes to the specified access permission. It requires one parameter: the new file creation mask.

(4) UID and GID handling

* getuid(): Returns the real UID of the process.
* getgid(): Returns the GID of the process.
  The two subroutines above can be used to determine who is running the process.
* geteuid(): Returns the effective UID of the process.
* getegid(): Returns the effective GID of the process.
  The two subroutines above are useful when a program has to determine whether it is running as the SUID program of some user other than the user who ran it; they can be called to check that the program really is running with that user's SUID permission.
* setuid(): Used to change the effective UID. For ordinary users, this subroutine is only useful for letting an SUID program switch between the effective and the real UID (changing from the original effective UID to the real UID), to protect the process from security hazards. In effect the process then no longer runs in SUID mode.
* setgid(): Used to change the effective GID.

2. Standard C library

(1) Standard I/O

* fopen(): Opens a file for reading or writing. The security considerations are the same as for open().
* fread(), getc(), fgetc(), gets(), scanf() and fscanf(): Read information from a file that has been opened for reading with fopen(). They do not care about file access permissions, the same as read().
* fwrite(), putc(), fputc(), puts(), fputs(), printf() and fprintf(): Write information to a file that has been opened for writing with fopen(). They also do not care about the file's access permission, the same as write().
* getpass(): Reads a password of up to 8 characters from the terminal without echoing the characters the user types. It requires one parameter: the prompt.
The subroutine displays the prompt on the terminal, turns off character echo, reads the password from /dev/tty, then restores character echo and returns a pointer to the password that was just typed.
* popen(): Described in (5) Running the shell.

(2) /etc/passwd processing

A set of subroutines makes it easy to access the /etc/passwd file: reading entries, writing new entries, updating entries, and so on.

* getpwuid(): Gets the entry for the specified UID from the /etc/passwd file.
* getpwnam(): Retrieves the entry for the specified login name from the /etc/passwd file.
  The two subroutines above return a pointer to a passwd structure, which is defined in /usr/include/pwd.h as follows:

    struct passwd {
        char  *pw_name;     /* login name */
        char  *pw_passwd;   /* encrypted password */
        uid_t  pw_uid;      /* UID */
        gid_t  pw_gid;      /* GID */
        char  *pw_age;      /* aging information */
        char  *pw_comment;  /* comment */
        char  *pw_gecos;
        char  *pw_dir;      /* home directory */
        char  *pw_shell;    /* shell used */
    };

* getpwent(), setpwent(), endpwent(): Process the password file sequentially. The first call to getpwent() opens /etc/passwd and returns a pointer to the first entry in the file, keeping the file open between calls. Further calls to getpwent() return the entries of the password file in order. Calling setpwent() resets the password file pointer to the beginning of the file. When finished with the password file, call endpwent() to close it.
* putpwent(): Modifies or adds an entry in the /etc/passwd file. This subroutine writes the entry to a specified file, normally a temporary file, because writing directly to the password file is very dangerous. It is best to lock the file before doing so, so that two programs cannot write it at the same time. The algorithm is as follows:
  . Create a unique temporary file, /etc/passnnn, where nnn is the PID.
  . Link the new temporary file to the standard temporary file /etc/ptmp. If the link fails, someone else is using /etc/ptmp; wait until /etc/ptmp can be used, or exit.
  . Copy /etc/passwd to /etc/ptmp; any modification can then be made to this file.
  . Move /etc/passwd to the backup file /etc/opasswd.
  . Link /etc/ptmp to /etc/passwd.
  . Remove the links /etc/passnnn and /etc/ptmp.
  Note: The temporary files should be created in the /etc directory, to guarantee that the files are on the same file system, so that the link can succeed and the temporary file is not insecure. In addition, if the new file already exists, the link fails even for the root user; this guarantees that nobody can interpose once the temporary file has been created successfully. Of course, a program that uses temporary files should make sure that all temporary files are removed, and that signals are caught correctly.
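
The putpwent() update procedure above, written out as an added example (not code from the original article). The function name locked_append() and the dir parameter, which stands in for /etc so the code can be tried in a scratch directory, are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example: `dir` stands in for /etc (assumption). Returns 0 on
 * success, 1 if ptmp is held by someone else, -1 on any other error. */
int locked_append(const char *dir, const char *entry)
{
    char uniq[256], ptmp[256], pw[256], old[256], buf[4096];
    size_t len = strlen(entry);
    ssize_t n;
    int in, out, rc = -1;

    snprintf(uniq, sizeof uniq, "%s/pass%ld", dir, (long)getpid());
    snprintf(ptmp, sizeof ptmp, "%s/ptmp", dir);
    snprintf(pw, sizeof pw, "%s/passwd", dir);
    snprintf(old, sizeof old, "%s/opasswd", dir);

    /* 1. Unique temporary file, in the same directory as passwd. */
    out = open(uniq, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (out < 0)
        return -1;

    /* 2. link() fails with EEXIST when ptmp already exists, even for root,
     *    so whoever owns the ptmp name owns the lock. */
    if (link(uniq, ptmp) < 0) {
        rc = (errno == EEXIST) ? 1 : -1;
        goto drop_uniq;
    }

    /* 3. Copy passwd into the temporary file and make the change there. */
    in = open(pw, O_RDONLY);
    if (in < 0)
        goto unlock;
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n)
            break;
    close(in);
    if (n != 0 || write(out, entry, len) != (ssize_t)len || fsync(out) < 0)
        goto unlock;

    /* 4 and 5. Keep the old file as opasswd, then link ptmp in as passwd. */
    if (rename(pw, old) == 0) {
        if (link(ptmp, pw) == 0)
            rc = 0;
        else
            rename(old, pw);    /* put the original back */
    }
unlock:
    unlink(ptmp);               /* 6. remove both temporary names */
drop_uniq:
    unlink(uniq);
    close(out);
    return rc;
}
```

Between the move to opasswd and the link of ptmp, the passwd name briefly does not exist, so a reader that opens it in that window gets an error.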

(3) /etc/group processing

A set of subroutines similar to the previous ones handles /etc/group information. To use them, you must add the /usr/include/grp.h file to your program with an include statement. This file defines the group structure, and getgrnam(), getgrgid() and getgrent() return pointers to a group structure.

* getgrnam(): Searches the /etc/group file for the specified group name and returns a pointer to the group entry.
* getgrgid(): Similar to the previous subroutine, except that it searches for the specified GID.
* getgrent(): Returns the next entry in the group file.
* setgrent(): Resets the group file pointer to the beginning of the file.
* endgrent(): Closes the group file when the work is finished.
* getuid(): Returns the real UID of the calling process.
* getpwuid(): Takes the real UID returned by getuid() as its parameter and determines the login name that corresponds to the real UID; a specified UID can also be given as the parameter.
* getlogin(): Returns a pointer to the name of the user logged in on the terminal. The system checks in turn whether stdin, stdout and stderr are associated with a terminal; the standard input associated with the terminal is used to determine the terminal name, and the terminal name is used to look up the user listed in the /etc/utmp file, which is maintained by login and used by the who program to identify users.
* cuserid(): First calls getlogin(); if getlogin() returns a NULL pointer, it then calls getpwuid(getuid()).

The following are commands:

* logname: Lists the name of the user logged in on the terminal.
* who am i: Shows the login name of the user running this command.
* id: Displays the real UID and GID (and also the effective UID and GID, if they differ from the real ones) and the corresponding login names.

(4) Encryption subroutines

In January 1977, NBS announced a standard encryption method for use in the ADP systems and networks of the US federal government: the Data Encryption Standard, DES, for non-classified applications. DES processes 64-bit blocks with a 56-bit encryption key.

* setkey(), encrypt(): Give the user access to DES. Both subroutines take a character array 64 elements long, in which each element represents one bit, 0 or 1. setkey() sets the key to be used by DES, ignoring every 8th bit to form a 56-bit encryption key. encrypt() then encrypts or decrypts the given 64-bit block; whether it encrypts or decrypts depends on the subroutine's second argument: 0: encrypt 1: decrypt.
* crypt(): The password encryption routine of the UNIX system; it is also called by the /usr/lib/makekey command. The crypt() subroutine has nothing to do with the crypt command. Like /usr/lib/makekey, it takes an 8-character key and a 2-character salt. The key is given to setkey(), the salt characters are used to perturb the DES algorithm in encrypt(), and finally encrypt() is called to encrypt a string repeatedly 25 times. It returns a pointer to the encrypted string.

(5) Running the shell

* system(): Runs /bin/sh to execute the command given as its parameter, and returns when the command has completed.
* popen(): Similar to system(), except that while the command runs, its standard input or output is connected to the file pointer returned by popen().

Both call fork() and exec(), and popen() also calls pipe(), to do their work, so the points made for fork() and exec() come into play here as well.

3. Writing secure C programs

In general there are two security issues that must be considered when writing a program:

(1) Make sure that any temporary file you create does not contain confidential data; if it does, make the temporary file readable and writable only by yourself. Make sure that the directory in which the temporary file is created is writable only by yourself.
(2) Make sure that the command you run (through system(), popen(), execlp(), execv()) is the command you intend to run and not some other command, and be especially careful when your own program has SUID or SGID permission.

The first aspect is relatively simple: call umask(077) at the start of the program. To make a file readable by others, its permissions can be changed afterwards. The following statements can also be used to create an "invisible" temporary file:

    creat("/tmp/xxx", 0);
    file = open("/tmp/xxx", O_RDWR);
    unlink("/tmp/xxx");

The file /tmp/xxx is created, opened, and then unlinked, but the storage allocated to the file is not released until the last file descriptor that refers to the file is closed.
The process that opened the file and any of its child processes can access this temporary file; other processes cannot, because its entry in /tmp has been removed by unlink().

The second aspect is more complicated and subtle. Because of the way system(), popen(), execlp() and execvp() execute commands, if the full path of the command to execute is not given, the user's program can be "tricked" into executing a different command, since these subroutines look for the specified command in the order given by the PATH variable. This is called the SUID trap. The safest way is to change the effective UID to the real UID before calling system(); the other way is to give the command by its full path name. execl(), execv(), execle() and execve() require a full path name as their parameter. Another approach to the SUID trap is to set PATH in the program; because system() and popen() start a shell, shell syntax can be used. For example:

    system("PATH=/bin:/usr/bin cd");

This allows the user to run system commands without having to know which directory the command is in, but the method cannot be used with execlp() or execvp(), because they do not start a shell to execute the command string passed in the call.

There are two other issues with the way the shell interprets the command line passed to system() and popen():

* The shell uses the characters in the IFS shell variable to break the command line into words (normally this shell variable contains space, tab and newline). If IFS contains /, for example, the string /bin/ed is interpreted as the word bin followed by the word ed, so the command line is misinterpreted.

To reiterate: before running another program from your own program, change the effective UID to the real UID, wait for the other program to exit, and then change the effective UID back to the original effective UID.

SUID/SGID programming guidelines

(1) Do not write SUID/SGID programs; most of the time there is no need.
(2) Set SGID permission rather than SUID permission. Create a new group specifically for the purpose.
(3) Do not execute any program with exec(). Remember that exec() is also called by system() and popen().
  . If you must call exec() (or system(), popen()), first call setgid(getgid()) to reset the effective GID to the real GID.
  . If you cannot use setgid(), set IFS when calling system() or popen():
        popen("IFS='\t\n'; export IFS; /bin/ls", "r");
  . Use the full path name of the command to be executed.
  . If you cannot use the full path name, set PATH before the command:
        popen("IFS='\t\n'; export IFS; PATH=/bin:/usr/bin; /bin/ls", "r");
  . Do not pass parameters specified by the user to system() or popen(); if that cannot be avoided, check the parameter string for special shell characters.
  . If the user has a large program that calls exec() to run many other programs, do not give the large program SGID permission.
You can write smaller, simpler SGID programs that perform the tasks that must have SGID permission, and have the large program execute these small SGID programs.
(4) If the user must use SUID rather than SGID, remember the content of (2) and (3), in the same order, and adapt it accordingly. Do not set root SUID permission; choose some other account.
(5) If the user wants to give other people permission to execute their shell program, but does not want them to be able to read the program, make the program execute-only and run it only through their own shell program.

When compiling and installing SUID/SGID programs, proceed as follows:

(1) Make sure that all SUID (SGID) programs are not writable by the group and by other users. Access permissions less restrictive than 4755 (2755) will cause trouble; they can only be stricter. 4111 (2111) will keep others from looking for security holes in the program.
(2) Be wary of outside code and make/install methods:
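
Section 3's two concerns and guideline (3), put together as an added example (not code from the original article). private_tmpfile() and run_dropped() are hypothetical names, the /tmp path is a constructed name, and a single open() with O_EXCL and mode 0600 is used here in place of the article's creat()/open() pair.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a temporary file that only this process and its children can
 * reach: private mode, refuse an existing name (O_EXCL), then unlink it. */
int private_tmpfile(const char *path)
{
    int fd;

    umask(077);
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        unlink(path);   /* storage is freed when the last descriptor closes */
    return fd;
}

/* Run the program at full path `path` without a shell, with the effective
 * IDs reset to the real ones and a fixed environment; stdout goes to out_fd.
 * Returns the exit status, or -1. */
int run_dropped(const char *path, char *const argv[], int out_fd)
{
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Group first: once the UID is dropped the GID can no longer change. */
        if (setgid(getgid()) < 0 || setuid(getuid()) < 0 ||
            dup2(out_fd, STDOUT_FILENO) < 0)
            _exit(126);
        if (out_fd != STDOUT_FILENO)
            close(out_fd);               /* do not leak the extra descriptor */
        execve(path, argv, clean_env);   /* no PATH search, no shell parsing */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "env", NULL };
    char buf[256];
    ssize_t n;
    int fd = private_tmpfile("/tmp/private_tmp_demo");  /* constructed name */

    if (fd < 0 || run_dropped("/usr/bin/env", argv, fd) != 0)
        return 1;
    lseek(fd, 0, SEEK_SET);
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fwrite(buf, 1, (size_t)n, stdout);
    return 0;
}
```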

When reposting, please cite the original address: https://www.9cbs.com/read-122289.html
