<noframes id="vfxvr">


ATT&CK-CN V1.01 Last Update: 2019-11 [Back to index]

Translators: Lin Miaoqian (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University), Dai Yilun (賽寧網安). Original translation; please obtain the translators' consent before reproducing.

Data source: ATT&CK Matrices

Original: https://attack.mitre.org/techniques/T1166

Glossary: /attack/glossary

Setuid and Setgid

When the setuid or setgid bits are set on Linux or macOS for an application, this means that the application will run with the privileges of the owning user or group respectively [1]. Normally an application is run in the current user's context, regardless of which user or group owns the application. There are instances where programs need to be executed in an elevated context to function properly, but the user running them doesn't need the elevated privileges. Instead of creating an entry in the sudoers file, which must be done by root, any user can specify the setuid or setgid flag to be set for their own applications. These bits are indicated with an "s" instead of an "x" when viewing a file's attributes via ls -l. The chmod program can set these bits via bitmasking, chmod 4777 [file], or via shorthand naming, chmod u+s [file].

An adversary can take advantage of this to either do a shell escape or exploit a vulnerability in an application with the setuid or setgid bits to get code running in a different user's context. Additionally, adversaries can use this mechanism on their own malware to make sure they're able to execute in elevated contexts in the future.

Tags

ID: T1166

Tactics: Privilege Escalation, Persistence

Platforms: Linux, macOS

Permissions Required: User

Effective Permissions: Administrator, root

Data Sources: File monitoring, Process monitoring, Process command-line parameters

Procedure Examples

Name: Keydnap (S0276)
Description: Keydnap (S0276) adds the setuid flag to a binary so it can easily elevate in the future.

Mitigations

Mitigation: Operating System Configuration (M1028)
Description: Applications with known vulnerabilities or known shell escapes should not have the setuid or setgid bits set, to reduce potential damage if an application is compromised. Additionally, the number of programs with setuid or setgid bits set should be minimized across a system.

Detection

Monitor the file system for files that have the setuid or setgid bits set. Monitor for execution of utilities, like chmod, and their command-line arguments to look for setuid or setgid bits being set.
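The two detection ideas above (file-system inventory and chmod command-line inspection), worked as an added shell example that is not part of the ATT&CK page; the sample tree, file names and chmod invocations are constructed for the demo:

```shell
# Added defender-side example for T1166, not code from the ATT&CK page:
# inventory files carrying setuid/setgid bits and classify chmod command
# lines the way a process-monitoring rule would. All paths are constructed.

# List regular files under $1 with the setuid (4000) or setgid (2000) bit
# set, one path per line, sorted; suitable for a periodic baseline diff.
list_setuid_setgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Return 0 if the chmod mode argument $1 would set setuid or setgid, in
# either form the page shows: octal (chmod 4777 f) or symbolic (chmod u+s f).
chmod_sets_suid() {
    mode=$1
    case "$mode" in
        [2-7][0-7][0-7][0-7]) return 0 ;;  # leading 2..7: setgid and/or setuid bit
        [0-7][0-7][0-7]|[01][0-7][0-7][0-7]) return 1 ;;
    esac
    # Symbolic mode: check each comma-separated clause and flag those that
    # add (+) or assign (=) the s permission (u+s, g+s, a=rxs); u-s does not match.
    (
        IFS=,
        for clause in $mode; do
            case "$clause" in
                *[+=]*s*) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Build a constructed sample tree and print its path: two files given
# elevated bits by a regular user (no root needed, as the page notes), one not.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin"
    for f in suid_tool sgid_tool normal; do : > "$dir/bin/$f"; done
    chmod 4755 "$dir/bin/suid_tool"   # octal form
    chmod g+s "$dir/bin/sgid_tool"    # symbolic form
    chmod 755 "$dir/bin/normal"
    printf '%s\n' "$dir"
}
# Demo: inventory the sample tree, then classify a few chmod invocations.
sample=$(make_sample_tree)
list_setuid_setgid "$sample"
for m in 4777 u+s 0755 u+x,g-s; do
    chmod_sets_suid "$m" && echo "chmod $m: sets setuid/setgid" || echo "chmod $m: no"
done
rm -rf "$sample"
```

Running the inventory on a schedule and diffing against a known-good baseline turns the first function into the file-monitoring control the page describes; the second function is the kind of predicate a process-monitoring rule applies to chmod arguments.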
