[Toybox] setuid (TOYFLAG_STAYROOT) requirement - in nested case
Rob Landley
rob at landley.net
Sat May 11 21:18:47 PDT 2013
On 05/10/2013 03:29:46 AM, Ashwini Sharma wrote:
> Hey Rob,
>
> I have a case, where setuid is required in nested case.
>
> nested case:
> lets say there are two commands in toybox called __acmd__ and
> __bcmd__.
> __acmd__ doesn't require setuid bit, whereas __bcmd__ does require
> setuid
> bit.
>
> Take a case where __acmd__ will run/launch __bcmd__. Now since
> __acmd__
> doesn't need TOYFLAG_STAYROOT, this sets the euid to be of uid in
> toy_init() function.
> When __bcmd__ is run from __acmd__, this would have lost the setuid
> bit and
> hence fails to run due to this.
Use execvp(bcmd) instead of toy_exec(bcmd). Toybox can't re-escalate to
suid, so you have to ask the operating system to do so.
I should add a check for this in toysh...
Rob
More information about the Toybox
mailing list