[Toybox] Issue with TOYFLAG_STAYROOT
Rob Landley
rob at landley.net
Mon Jun 11 22:00:03 PDT 2012
On 06/11/2012 08:53 AM, Ashwini Sharma wrote:
> Hi Rob,
>
> I developed a feature which needs SETUID capability. I installed
> toybox as root.
>
> When I invoke my feature as another user with "./toybox <cmd_name>" it
> fails, whereas when I make a link to toybox and execute "<cmd_name>"
> it works fine.
>
> In my <cmd_main> I have done xsetuid(geteuid());
>
> I think it may be a condition check miss in main.c
>
> if (!(which->flags & TOYFLAG_STAYROOT)) {
> if (uid != euid) xsetuid(euid=uid);
> }
>
> In case of invocation like ./toybox <cmd_name>, toy_init is called for
> toybox, this doesn't have TOYFLAG_STAYROOT set and hence privileges
> are dropped. But the next time when toy_init is called for command,
> the uid and euid are same because of the previous toy_init call.

Now that I've looked at this more closely (ok, looked at it when I'm not
sitting in a _cubicle_, which for some reason prevents me from
concentrating on anything), I think adding TOYFLAG_STAYROOT to the
multiplexer is sufficient. It should only call seteuid when it needs to
_drop_ privileges, otherwise it leaves them unmodified and lets the
command handle it.

I checked that in, try it now?

Rob
--
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation. Pick one.
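
A model of the two invocation paths discussed in this thread, added here as an example and not part of the original messages or of toybox's source. It simulates credentials in a struct instead of calling setuid; toy_init_model, the two euid_via_* helpers, the flag's bit value and the uid 1000 are assumptions made for illustration.

```c
#include <stdio.h>

/* Flag name is from the thread; the bit value here is an assumption. */
#define TOYFLAG_STAYROOT 1u

/* Simulated credentials, so the model runs without root or a setuid bit. */
struct creds { unsigned uid, euid; };

/* The check quoted from main.c, applied to the simulated credentials. */
static void toy_init_model(struct creds *c, unsigned flags)
{
    if (!(flags & TOYFLAG_STAYROOT)) {
        if (c->uid != c->euid) c->euid = c->uid; /* stands in for xsetuid(euid=uid) */
    }
}

/* "./toybox <cmd_name>": the check runs for the multiplexer, then the command. */
unsigned euid_via_multiplexer(unsigned mux_flags, unsigned cmd_flags)
{
    struct creds c = { 1000, 0 }; /* constructed: setuid-root binary run by uid 1000 */
    toy_init_model(&c, mux_flags);
    toy_init_model(&c, cmd_flags);
    return c.euid;
}

/* Link named "<cmd_name>": assumed to run the check for the command only. */
unsigned euid_via_link(unsigned cmd_flags)
{
    struct creds c = { 1000, 0 };
    toy_init_model(&c, cmd_flags);
    return c.euid;
}

int main(void)
{
    printf("link, STAYROOT command:           euid=%u\n", euid_via_link(TOYFLAG_STAYROOT));
    printf("multiplexer without STAYROOT:     euid=%u\n", euid_via_multiplexer(0, TOYFLAG_STAYROOT));
    printf("multiplexer with STAYROOT:        euid=%u\n", euid_via_multiplexer(TOYFLAG_STAYROOT, TOYFLAG_STAYROOT));
    printf("multiplexer STAYROOT, plain cmd:  euid=%u\n", euid_via_multiplexer(TOYFLAG_STAYROOT, 0));
    return 0;
}
```

The last case is the one to check after such a change: a command without the flag still ends up at the caller's uid even though the multiplexer no longer drops privileges itself.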