[Toybox] Issue with TOYFLAG_STAYROOT

Rob Landley rob at landley.net
Mon Jun 11 11:04:48 PDT 2012


On 06/11/2012 08:53 AM, Ashwini Sharma wrote:
> Hi Rob,
> 
>   I developed a feature which needs SETUID capability. I installed
> toybox as root.
> 
> When I invoke my feature as another user with "./toybox <cmd_name>" it
> fails, whereas when I make a link to toybox and execute "<cmd_name>"
> it works fine.
> 
> In my <cmd_main> I have done xsetuid(geteuid());
> 
> I think it may be a condition check miss in main.c
> 
> if (!(which->flags & TOYFLAG_STAYROOT)) {
>             if (uid != euid) xsetuid(euid=uid);
> }
> 
> In case of invocation like ./toybox <cmd_name>, toy_init is called for
> toybox, this doesn't have TOYFLAG_STAYROOT set and hence privileges
> are dropped.

Yup, but that doesn't fix the whole problem.

> But the next time when toy_init is called for command,
> the uid and euid are same because of the previous toy_init call.

Yeah, and I think that's wrong. Commands need to figure out what user
they were _actually_ called as, and that prevents them from doing it.

The CFG_TOYBOX_SUID stuff has yet to have any actual commands use it. I
did a quick pass to sketch out functionality I wanted, but taking
another look I see at least two things I need to fix.

I'll work on it this evening.  Thanks for the heads up,

Rob
-- 
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation.  Pick one.
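
The dispatch behaviour discussed in this thread, modelled as an added example (not toybox code, and not the fix Rob went on to write). Credentials are simulated in a struct; the command names `needroot` and `plain`, the helper names and the flag value are hypothetical, and checking only the final command is one possible ordering shown for contrast.

```c
#include <stdio.h>
#include <string.h>

#define TOYFLAG_STAYROOT 1  /* name from the post; value arbitrary here */

struct creds { unsigned uid, euid; };   /* simulated, no real setuid() */
struct toy { const char *name; unsigned flags; };

/* Hypothetical table: the multiplexer plus one command that keeps root. */
static const struct toy toys[] = {
    { "toybox", 0 }, { "needroot", TOYFLAG_STAYROOT }, { "plain", 0 },
};

static const struct toy *find_toy(const char *name)
{
    for (size_t i = 0; i < sizeof(toys) / sizeof(*toys); i++)
        if (!strcmp(toys[i].name, name)) return &toys[i];
    return NULL;
}

/* The check quoted from main.c, applied to the simulated credentials. */
static void init_drop(struct creds *c, const struct toy *which)
{
    if (!(which->flags & TOYFLAG_STAYROOT) && c->uid != c->euid)
        c->euid = c->uid;
}

/* Walk argv to the command that will run; each_hop=1 applies the check at
 * every name on the way (reported behaviour), 0 only at the final one. */
unsigned final_euid(struct creds c, const char **argv, int argc, int each_hop)
{
    const struct toy *t = NULL, *next;
    for (int i = 0; i < argc && (next = find_toy(argv[i])); i++) {
        t = next;
        if (each_hop) init_drop(&c, t);
        if (strcmp(t->name, "toybox")) break;   /* reached a real command */
    }
    if (t && !each_hop) init_drop(&c, t);
    return c.euid;
}

int main(void)
{
    struct creds caller = { 1000, 0 };  /* constructed: uid 1000, setuid-root */
    const char *direct[] = { "toybox", "needroot" }, *symlinked[] = { "needroot" };
    printf("link, each hop:   euid=%u\n", final_euid(caller, symlinked, 1, 1));
    printf("direct, each hop: euid=%u\n", final_euid(caller, direct, 2, 1));
    printf("direct, final:    euid=%u\n", final_euid(caller, direct, 2, 0));
    return 0;
}
```

In this model an unrecognised name after `toybox` still ends with the drop applied, so deferring the check does not leave root in place for anything that lacks the flag.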


