标题: Setuid/gid script is writable by world. [打印本页] 作者: xmunet 时间: 2005-08-09 13:45 标题: Setuid/gid script is writable by world. 有一个perl 文件内容如下:
$more test.pl
#!/usr/bin/perl -w
exec('mount -o nolock 21host:/examax9k /mnt');
修改属性,并设置setuid标志,让它能在执行阶段具有root的权限。
1.chmod 777 test.pl with root account
2.chmod u+s test.pl with root account
3. run $ ./test.pl with non-root account
output: Setuid/gid script is writable by world.
