mirror of https://github.com/mkerrisk/man-pages
chroot.2, clone.2, epoll_wait.2, execve.2, getgroups.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
0ffeaeae10
commit
47f743f12e
|
@ -104,10 +104,12 @@ so that after the call \(aq\fI.\fP\(aq can
|
|||
be outside the tree rooted at \(aq\fI/\fP\(aq.
|
||||
In particular, the superuser can escape from a "chroot jail"
|
||||
by doing:
|
||||
.nf
|
||||
|
||||
mkdir foo; chroot foo; cd ..
|
||||
.fi
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
mkdir foo; chroot foo; cd ..
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
This call does not close open file descriptors, and such file
|
||||
descriptors may allow access to files outside the chroot tree.
|
||||
|
|
12
man2/clone.2
12
man2/clone.2
|
@ -1214,13 +1214,15 @@ argument includes
|
|||
.BR CLONE_VM .)
|
||||
To get the truth, it was sometimes necessary to use code such as the following:
|
||||
.PP
|
||||
.nf
|
||||
#include <syscall.h>
|
||||
.in +4n
|
||||
.EX
|
||||
#include <syscall.h>
|
||||
|
||||
pid_t mypid;
|
||||
pid_t mypid;
|
||||
|
||||
mypid = syscall(SYS_getpid);
|
||||
.fi
|
||||
mypid = syscall(SYS_getpid);
|
||||
.EE
|
||||
.in
|
||||
.\" See also the following bug reports
|
||||
.\" https://bugzilla.redhat.com/show_bug.cgi?id=417521
|
||||
.\" http://sourceware.org/bugzilla/show_bug.cgi?id=6910
|
||||
|
|
|
@ -129,22 +129,26 @@ becomes ready or until a signal is caught.
|
|||
The following
|
||||
.BR epoll_pwait ()
|
||||
call:
|
||||
.nf
|
||||
|
||||
ready = epoll_pwait(epfd, &events, maxevents, timeout, &sigmask);
|
||||
|
||||
.fi
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
ready = epoll_pwait(epfd, &events, maxevents, timeout, &sigmask);
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
is equivalent to
|
||||
.I atomically
|
||||
executing the following calls:
|
||||
.nf
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
sigset_t origmask;
|
||||
|
||||
sigset_t origmask;
|
||||
|
||||
pthread_sigmask(SIG_SETMASK, &sigmask, &origmask);
|
||||
ready = epoll_wait(epfd, &events, maxevents, timeout);
|
||||
pthread_sigmask(SIG_SETMASK, &origmask, NULL);
|
||||
.fi
|
||||
pthread_sigmask(SIG_SETMASK, &sigmask, &origmask);
|
||||
ready = epoll_wait(epfd, &events, maxevents, timeout);
|
||||
pthread_sigmask(SIG_SETMASK, &origmask, NULL);
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
The
|
||||
.I sigmask
|
||||
|
|
|
@ -721,7 +721,7 @@ The following program is designed to be execed by the second program below.
|
|||
It just echoes its command-line arguments, one per line.
|
||||
.PP
|
||||
.in +4n
|
||||
.nf
|
||||
.EX
|
||||
/* myecho.c */
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -737,14 +737,14 @@ main(int argc, char *argv[])
|
|||
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
.fi
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
This program can be used to exec the program named in its command-line
|
||||
argument:
|
||||
.PP
|
||||
.in +4n
|
||||
.nf
|
||||
|
||||
.EX
|
||||
/* execve.c */
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -768,20 +768,20 @@ main(int argc, char *argv[])
|
|||
perror("execve"); /* execve() returns only on error */
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
.fi
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
We can use the second program to exec the first as follows:
|
||||
.PP
|
||||
.in +4n
|
||||
.nf
|
||||
.EX
|
||||
.RB "$" " cc myecho.c \-o myecho"
|
||||
.RB "$" " cc execve.c \-o execve"
|
||||
.RB "$" " ./execve ./myecho"
|
||||
argv[0]: ./myecho
|
||||
argv[1]: hello
|
||||
argv[2]: world
|
||||
.fi
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
We can also use these programs to demonstrate the use of a script
|
||||
|
@ -791,25 +791,25 @@ To do this we create a script whose "interpreter" is our
|
|||
program:
|
||||
.PP
|
||||
.in +4n
|
||||
.nf
|
||||
.EX
|
||||
.RB "$" " cat > script"
|
||||
.B #!./myecho script-arg
|
||||
.B ^D
|
||||
.RB "$" " chmod +x script"
|
||||
.fi
|
||||
.EE
|
||||
.in
|
||||
.PP
|
||||
We can then use our program to exec the script:
|
||||
.PP
|
||||
.in +4n
|
||||
.nf
|
||||
.EX
|
||||
.RB "$" " ./execve ./script"
|
||||
argv[0]: ./myecho
|
||||
argv[1]: script-arg
|
||||
argv[2]: ./script
|
||||
argv[3]: hello
|
||||
argv[4]: world
|
||||
.fi
|
||||
.EE
|
||||
.in
|
||||
.SH SEE ALSO
|
||||
.BR chmod (2),
|
||||
|
|
|
@ -169,12 +169,14 @@ is inherited from the parent process, and preserved across an
|
|||
.PP
|
||||
The maximum number of supplementary group IDs can be found at run time using
|
||||
.BR sysconf (3):
|
||||
.nf
|
||||
|
||||
long ngroups_max;
|
||||
ngroups_max = sysconf(_SC_NGROUPS_MAX);
|
||||
|
||||
.fi
|
||||
.PP
|
||||
.in +4n
|
||||
.EX
|
||||
long ngroups_max;
|
||||
ngroups_max = sysconf(_SC_NGROUPS_MAX);
|
||||
..EE
|
||||
.in
|
||||
.EE
|
||||
The maximum return value of
|
||||
.BR getgroups ()
|
||||
cannot be larger than one more than this value.
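Review bot: The closing macro of the new example block in the getgroups.2 hunk is written `..EE` with two leading dots, and it is followed by `.in` and then a second `.EE`. This differs from the `.EX` … `.EE`, `.in`, `.PP` sequence used by the other hunks in this commit; it assumes these three lines are all on the new side, as the `-169,12 +169,14` counts suggest. The `..EE` line is presumably not processed as the `.EE` macro, so the example would still be open when `.in` resets the indent, and the following sentence ("The maximum return value of") is not started as a new paragraph. The three lines after the `sysconf(_SC_NGROUPS_MAX);` example should read `.EE`, `.in`, `.PP`.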
|
||||
|
|