[Toybox] [New Toys] - inotifyd, rfkill & sulogin
Rob Landley
rob at landley.net
Sat May 24 11:57:05 PDT 2014
On 04/17/14 04:45, Ashwini Sharma wrote:
> NB: For commands having TOYFLAG_NEEDROOT set,
> toybox shouts for __Need root__ even for __--help__ option.
> e.g. [toybox]$ ./toybox sulogin --help
> toybox: Not root
Oddly enough the scripts/single.sh build doesn't _include_ the "drop
root privileges" code, so it doesn't check/complain that we weren't root
anyway. (The theory is you only set the suid bit on the single-bulit
commands that need it.)
I suppose this is ok because the failure mode would be running code that
requires root access without it, where it presumably can't do a lot of
damage anyway. But it's a thing to keep in mind...
(For a bit I was worrying "but if I start compressing the help text with
gzip later on, and I display the help text without having dropped root
privileges, wouldn't the decompressor run as root and add arbitrary
complexity to the runs-with-root code path for normal apps when toybox
is installed with the suid bit", and then I went "no, this error message
only happens when they _don't_ have root access, so it's adding extra
code running as a normal user anyway"...)
Security: hard to get right.
Rob
1400957825.0
More information about the Toybox
mailing list