[Toybox] Issue with TOYFLAG_STAYROOT
Rob Landley
rob at landley.net
Mon Jun 11 11:04:48 PDT 2012
On 06/11/2012 08:53 AM, Ashwini Sharma wrote:
> Hi Rob,
>
> I developed a feature which needs SETUID capability. I installed
> toybox as root.
>
> When I invoke my feature as another user with "./toybox <cmd_name>" it
> fails, whereas when I make a link to toybox and execute "<cmd_name>"
> it works fine.
>
> In my <cmd_main> I have done xsetuid(geteuid());
>
> I think it may be a condition check miss in main.c
>
>   if (!(which->flags & TOYFLAG_STAYROOT)) {
>     if (uid != euid) xsetuid(euid=uid);
>   }
>
> In case of invocation like ./toybox <cmd_name>, toy_init is called for
> toybox, this doesn't have TOYFLAG_STAYROOT set and hence privileges
> are dropped.
Yup, but that doesn't fix the whole problem.
> But the next time when toy_init is called for command,
> the uid and euid are same because of the previous toy_init call.
Yeah, and I think that's wrong. Commands need to figure out what user
they were _actually_ called as, and that prevents them from doing it.
The CFG_TOYBOX_SUID stuff has yet to have any actual commands use it. I
did a quick pass to sketch out functionality I wanted, but taking
another look I see at least two things I need to fix.
I'll work on it this evening. Thanks for the heads up,
Rob
--
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation. Pick one.
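
The behaviour discussed in this thread, modelled as an added example (not part of the original email and not toybox's own code). Credentials are simulated in a struct, so no real setuid() is called; the command table, the `needsroot` and `plain` command names, the flag value and the `_sim`/`euid_seen_by` helpers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOYFLAG_STAYROOT 1   /* flag name from the thread; value is constructed */

struct toy { const char *name; int flags; };   /* simplified stand-in */
struct creds { unsigned uid, euid; };          /* simulated process credentials */

/* Constructed command table: the multiplexer entry carries no STAYROOT. */
static struct toy toys[] = {
  {"toybox", 0},
  {"needsroot", TOYFLAG_STAYROOT},   /* hypothetical command */
  {"plain", 0},                      /* hypothetical command */
};

static struct toy *find_toy(const char *name)
{
  for (size_t i = 0; i < sizeof(toys)/sizeof(*toys); i++)
    if (!strcmp(toys[i].name, name)) return &toys[i];
  return NULL;
}

/* The check quoted from main.c, applied to the simulated credentials. */
static void toy_init_sim(struct toy *which, struct creds *c)
{
  if (!(which->flags & TOYFLAG_STAYROOT))
    if (c->uid != c->euid) c->euid = c->uid;   /* stands in for xsetuid() */
}

/* Returns the euid the command ends up with. argv0 is the name the binary
   was invoked under; cmd is the first argument when argv0 is "toybox". */
unsigned euid_seen_by(const char *argv0, const char *cmd, unsigned uid)
{
  struct creds c = { uid, 0 };   /* setuid-root install: euid starts at 0 */
  struct toy *t = find_toy(argv0);

  if (!t) return uid;            /* unknown name: treat as unprivileged */
  toy_init_sim(t, &c);           /* first init, for the name in argv[0] */
  if (!strcmp(argv0, "toybox") && cmd && (t = find_toy(cmd)))
    toy_init_sim(t, &c);         /* second init: uid == euid by now */
  return c.euid;
}

int main(void)
{
  printf("symlink needsroot: euid=%u\n", euid_seen_by("needsroot", NULL, 1000));
  printf("toybox needsroot:  euid=%u\n", euid_seen_by("toybox", "needsroot", 1000));
  return 0;
}
```

In the multiplexer path the first init has already set euid to uid, so the STAYROOT command can no longer tell that it was started from a setuid binary.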