[Toybox] runcon requires CONFIG_TOYBOX_NORECURSE=y
Rob Landley
rob at landley.net
Tue Jan 19 13:12:54 PST 2016
On 01/19/2016 12:28 PM, enh wrote:
> runcon works by saying "when i exec, switch to this context" and then
> calling exec. unfortunately, xexec is too clever and will avoid
> actually exec'ing if it recognizes that it would just be a call back
> into toybox.
>
> so "runcon blah /system/bin/id" would work, because toybox would
> actually exec, but "runcon blah id" wouldn't, because toybox would
> just toy_exec "id". this was subtle enough to go unnoticed for some
> time.
>
> i've "fixed" it for now by just setting CONFIG_TOYBOX_NORECURSE=y
> (https://android-review.googlesource.com/#/c/196953/) but i wondered
> whether we should have a #error or something in runcon.c to make it
> clear if you're building a broken configuration?
That disables recursing globally. If you want to disable recursing
locally, set toys.stacktop = 0. (Or just call execvp() yourself, but
xexec() has error handling code you'd have to duplicate, so...)
I'll commit a fix.
Thanks,
Rob
(P.S. In THEORY they may someday be a future exit handling path via the
longjmp rebound stuff that does things like free toys.optargs, in which
case incrementing toys.optargs would screw it up. Not a problem here,
just a general "thing I have in mind to maybe attempt someday". That's
why I usually snapshot toys.optargs into a temp before looping over it,
and so on.)
(P.P.S. I'm sure that kind of cleanup code would make the valgrind
people happy, but do you know WHY the valgrind people care? Who's
running valigrind here? A number of commands don't even have _attempts_
at TOYBOX_FREE exit cleanup code yet. For example I'm implementing top
right now and noticing that iotop (which I'm mergeing with it) doesn't
free its process arrays on exit. If you run run iotop from within a
bootloader, it would have to. Right now, that's a blue sky todo item,
but is it important to somebody...? I got a "please prioritize xz
decompress" email last week, but haven't had anybody ping me about
bootloaders. Then again I didn't even know the cyanogenmod guys had
switched to toybox until I stumbled accross it in an unrelated google
search, and they've got a whole tree of changes for building on macosx.
Why? I dunno. Not sure how to ask them...)
More information about the Toybox
mailing list