PHP 執行sudo  權限的shell script

PHP 執行sudo 權限的shell script

    <?php
    echo exec("cd temp; ./php_root ");
    //echo shell_exec("whoami");
    phpinfo();
    ?>
    
    
    

    wrapper.c

    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>
    
    int
    main (int argc, char *argv[])
    {
         setuid (0);
    
         /* WARNING: Only use an absolute path to the script to execute,
          *          a malicious user might fool the binary and execute
          *          arbitary commands if not.
          * */
         //system("cp 1.png 3.png");
         system ("./php_shell.sh");
         //i=system ("ls ");
         //printf("The value returned was: %d.\n",i);
         return 0;
    }
    
    
    #!/bin/sh
    
    # sips -s format png  1.png --out  2.png 
    sudo rm -rf code
    mkdir code
    cd code
    sudo yes | ls  & (nsPID=$! ; sleep 10 ; kill -STOP $nsPID)
    cd ..
    cp 1.png 4.png
    
    
    

    並且執行以下指令 設定和編譯程式

    sudo chown root php_shell.sh
    sudo chmod u=rwx,go=xr php_shell.sh
    sudo gcc wrapper.c -o php_root
    sudo chown root php_root
    sudo chmod u=rwx,go=xr,+s php_root