[Toybox] Issue with TOYFLAG_STAYROOT

Rob Landley rob at landley.net
Mon Jun 11 22:00:03 PDT 2012


On 06/11/2012 08:53 AM, Ashwini Sharma wrote:
> Hi Rob,
> 
>   I developed a feature which needs SETUID capability. I installed
> toybox as root.
> 
> When I invoke my feature as another user with "./toybox <cmd_name>" it
> fails, whereas when I make a link to toybox and execute "<cmd_name>"
> it works fine.
> 
> In my <cmd_main> I have done xsetuid(geteuid());
> 
> I think it may be a condition check miss in main.c
> 
> if (!(which->flags & TOYFLAG_STAYROOT)) {
>             if (uid != euid) xsetuid(euid=uid);
> }
> 
> In case of invocation like ./toybox <cmd_name>, toy_init is called for
> toybox, this doesn't have TOYFLAG_STAYROOT set and hence privileges
> are dropped. But the next time when toy_init is called for command,
> the uid and euid are same because of the previous toy_init call.

Now that I've looked at this more closely (ok, looked at it when I'm not
sitting in a _cubicle_, which for some reason prevents me from
concentrating on anything), I think adding TOYFLAG_STAYROOT to the
multiplexer is sufficient. It should only call seteuid when it needs to
_drop_ privileges, otherwise it leaves them unmodified and lets the
command handle it.

I checked that in, try it now?

Rob
-- 
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation.  Pick one.
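
Added example (not toybox code and not part of the original message): a small C model of the double toy_init call discussed in this thread, showing why "./toybox <cmd_name>" lost root while a symlink did not, and what marking the multiplexer TOYFLAG_STAYROOT changes. Credentials are held in a struct instead of the real process so it runs unprivileged; toy_init_model, run_model, the flag's numeric value and uid 1000 are assumptions made for illustration.

```c
#include <stdio.h>

/* Model only: credentials live in a struct, no real setuid calls are made. */
#define TOYFLAG_STAYROOT 1   /* constructed value, not toybox's real bit */

struct creds { unsigned uid, euid; };

/* The check quoted from main.c, applied to the modeled credentials. */
static void toy_init_model(struct creds *c, int flags)
{
    if (!(flags & TOYFLAG_STAYROOT)) {
        /* stands in for xsetuid(euid=uid) */
        if (c->uid != c->euid) c->euid = c->uid;
    }
}

/* "./toybox <cmd>" runs toy_init for the multiplexer, then for the command.
 * A symlink invocation runs it for the command only.
 * Returns the euid the command's main function starts with. */
static unsigned run_model(int via_multiplexer, int mux_flags, int cmd_flags)
{
    /* constructed: user 1000 running a setuid-root binary */
    struct creds c = { 1000, 0 };

    if (via_multiplexer) toy_init_model(&c, mux_flags);
    toy_init_model(&c, cmd_flags);
    return c.euid;
}

int main(void)
{
    int S = TOYFLAG_STAYROOT;

    printf("symlink, cmd has STAYROOT:        euid=%u\n", run_model(0, 0, S));
    printf("./toybox cmd, mux lacks STAYROOT: euid=%u\n", run_model(1, 0, S));
    printf("./toybox cmd, mux has STAYROOT:   euid=%u\n", run_model(1, S, S));
    printf("./toybox cmd, cmd lacks STAYROOT: euid=%u\n", run_model(1, S, 0));
    return 0;
}
```

The last case is the one to check after such a change: a command that does not carry TOYFLAG_STAYROOT still has its privileges dropped by its own toy_init call, even though the multiplexer no longer drops them.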


