[Toybox] [New Toys] - inotifyd, rfkill & sulogin

Rob Landley rob at landley.net
Sat May 24 11:47:31 PDT 2014


On 04/17/14 04:45, Ashwini Sharma wrote:
> Hi Rob, List,
...
> Your inputs will make the code better. :)
> 
> NB: For commands having TOYFLAG_NEEDROOT set,
>        toybox shouts for __Need root__ even for __--help__ option.
>        e.g. [toybox]$ ./toybox sulogin --help
>               toybox: Not root

Hmmm. The problem is that test happens before we actually _get_ to the
option parsing. (We drop permissions as early as possible when we don't
need them, and the permission evaluation logic is all in one place.
Don't want to parse command line options with root access when we don't
need root, just in case there's an exploitable bug. I want it so all you
have to audit for the non-root case is the codepath from main() to where
we drop permissions...)

I can add a toys.exithelp++ before the Not Root error message so it
always shows help (when enabled) if it dies due to lack of root access.
Would that help?

(The downside is "not root" is less easy to spot when there's help text,
but "error is at the end of the help message" is a consistent behavior
so this isn't the _only_ time you'd know to look there, and this is
pilot error at the system building stage so we can expect a higher level
of cluefulness from system builders than from the average end user
anyway...)

> regards,
> Ashwini

Rob
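
The ordering described in the message above (root check and privilege drop before any option parsing, with help printed ahead of the "Not root" error), as an added C example that is not toybox's code. FLAG_NEEDROOT, gate(), drop_privs(), the command table and its help strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define FLAG_NEEDROOT 1 /* hypothetical stand-in for TOYFLAG_NEEDROOT */

struct cmd { const char *name; int flags; const char *help; };

/* Constructed command table; the help strings are placeholders. */
static const struct cmd cmds[] = {
    { "sulogin", FLAG_NEEDROOT, "usage: sulogin [OPTIONS]" },
    { "rfkill",  0,             "usage: rfkill [OPTIONS]" },
};

enum outcome { RUN_AS_ROOT, RUN_DROPPED, DIE_NOT_ROOT, DIE_DROP_FAILED, DIE_UNKNOWN };

/* Permanently give up set-uid/set-gid privilege, group first, then verify. */
static int drop_privs(uid_t ruid, gid_t rgid)
{
    if (setgid(rgid) || setuid(ruid)) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1; /* root came back: fail closed */
    return 0;
}

/* All code that runs before option parsing; it looks at the command name only. */
enum outcome gate(const char *name, uid_t euid, char *msg, size_t len)
{
    const struct cmd *c = NULL;
    for (size_t i = 0; i < sizeof(cmds) / sizeof(*cmds); i++)
        if (!strcmp(cmds[i].name, name)) c = &cmds[i];
    if (!c) return DIE_UNKNOWN;
    if (c->flags & FLAG_NEEDROOT) {
        if (euid == 0) return RUN_AS_ROOT;
        /* Help text first, error last, so the error sits at the end. */
        snprintf(msg, len, "%s\n%s: Not root\n", c->help, name);
        return DIE_NOT_ROOT;
    }
    /* Root not needed: drop it before a single option is parsed. */
    return drop_privs(getuid(), getgid()) ? DIE_DROP_FAILED : RUN_DROPPED;
}

int main(int argc, char **argv)
{
    char msg[256] = "";
    enum outcome o = gate(argc > 1 ? argv[1] : "", geteuid(), msg, sizeof msg);
    fputs(msg, stderr);
    /* Option parsing would start here, only on the two RUN_* outcomes. */
    return (o == RUN_AS_ROOT || o == RUN_DROPPED) ? 0 : 1;
}
```

The only code reachable with elevated privilege for a non-root command is gate() and drop_privs(), which is the audit surface the message describes.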
