特权操作,如加载驱动程序或调试其他应用程序也不允许。
Privileged operations like loading drivers or debugging other applications are also not allowed.
这使 set-user-ID(非根)程序能够放弃它的所有用户特权,执行一些非特权操作,然后恢复原来的有效用户 ID。
This allows a set-user-ID (other than root) program to drop all of its user privileges, do some un-privileged work, and then re-engage the original effective user ID in a secure manner.
正如我们期望的一样,这个程序会接收到一个SIGILL(信号编号为4)信号,其si代码为5,这是在用户空间的程序执行特权操作时产生的。
As expected, the program has received a SIGILL (signal number 4) with an si code of 5, which is set when a privileged opcode is executed by a user-space program.
应用推荐