From c1cd922a22d0d3a0a8ca4d388dc21bb150dd33bc Mon Sep 17 00:00:00 2001 From: hemiao Date: Mon, 7 Jul 2025 14:42:04 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E8=A7=A3=E5=86=B3issue=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...protection_for_interpreted_applications.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md b/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md index 25f1069..136ff08 100644 --- a/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md +++ b/docs/zh/server/security/trusted_computing/protection_for_interpreted_applications.md @@ -33,7 +33,7 @@ execveat()是于Linux 3.19/glibc 2.34版本开始支持的系统调用函数, execveat()系统调用的函数类型为: -``` +```bash int execveat(int dirfd, const char *pathname, char *const _Nullable argv[], char *const _Nullable envp[], @@ -77,7 +77,7 @@ int execveat(int dirfd, const char *pathname, 内核版本大于6.6.0-54.0.0.58,glibc版本大于等于2.38-41。 -``` +```bash glibc-2.38-41.oe2403sp1.x86_64 kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 ``` @@ -86,7 +86,7 @@ kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 可编写如下测试程序(test.c)进行参数功能测试: -``` +```bash #define _GNU_SOURCE #include @@ -112,19 +112,19 @@ int main(void) **步骤1:** 编译测试代码: -``` +```bash gcc test.c -o test ``` **步骤2:** 创建测试脚本test.sh: -``` +```bash echo "sleep 10" > test.sh ``` **步骤3:** 如果测试脚本具备合法的可执行权限,则execveat返回0: -``` +```bash # chmod +x test.sh # ./test execveat: Success @@ -133,7 +133,7 @@ access_ret = 0 **步骤4:** 如果测试脚本不具备合法的权限,则execveat返回-1,错误码为Permission denied: -``` +```bash # chmod -x test.sh # ./test execveat: Permission denied @@ -157,12 +157,12 @@ kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 **步骤1:** 设置系统中所有脚本文件的权限为可执行 ```bash -find / -name "*.sh" --exec chmod +x {} \; +find / -name "*.sh" -exec chmod +x {} \; ``` **步骤2:** 设置启动参数并重启系统,添加的启动参数为: -``` +```bash exec_check.bash=1 ``` @@ -183,13 +183,13 @@ hello world 获取支持该特性的jdk代码: -``` +```jdk https://gitee.com/openeuler/bishengjdk-8/tree/IMA_Glibc2_34 ``` 按照如下流程编译: -``` +```jdk https://gitee.com/openeuler/bishengjdk-8/wikis/%E4%B8%AD%E6%96%87%E6%96%87%E6%A1%A3/%E6%AF%95%E6%98%87JDK%208%20%E6%BA%90%E7%A0%81%E6%9E%84%E5%BB%BA%E8%AF%B4%E6%98%8E ``` @@ -197,14 +197,14 @@ https://gitee.com/openeuler/bishengjdk-8/wikis/%E4%B8%AD%E6%96%87%E6%96%87%E6%A1 **步骤1:** 确保系统中所有.class文件和.jar文件的可执行权限 -``` +```jdk find / -name "*.class" chmod +x {} \; find / -name "*.jar" chmod +x {} \; ``` **步骤2:** 设置启动参数并重启系统,添加的启动参数为: -``` +```jdk exec_check.java=1 ``` @@ -212,7 +212,7 @@ exec_check.java=1 可编写如下测试程序(HelloWorld.java)进行参数功能测试: -``` +```jdk public class HelloWorld { public static void main(String[] args) { System.out.println("Hello, World!"); -- Gitee From ca85d0ac13e849f5b2cf497658714408d2e1f6d9 Mon Sep 17 00:00:00 2001 From: hemiao Date: Mon, 7 Jul 2025 16:37:09 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E8=A7=A3=E5=86=B3issue=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../zh/server/security/cve_ease/cve_ease_design_introduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md b/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md index dbfef5c..323f12d 100644 --- a/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md +++ b/docs/zh/server/security/cve_ease/cve_ease_design_introduction.md @@ -30,4 +30,4 @@ CVE-ease主要有以下功能: 在用户交互界面,可以通过交互指令查询特定的CVE信息。默认展示的是最新的前10条CVE信息,也可通过修改指令选项来查询特定范围的历史CVE信息(CVE分数,年份等)。 -![](./figures/CVE-ease_function.png) \ No newline at end of file +![](./figures/CVE-ease_function.png) -- Gitee