[Toybox] oh, the irony...

Rob Landley rob at landley.net
Thu Oct 18 11:49:02 PDT 2018


On 10/18/2018 12:59 PM, enh wrote:
> On Thu, Oct 18, 2018, 10:51 Rob Landley <rob at landley.net> wrote:
> 
>     On 10/17/2018 06:24 PM, enh wrote:
>     > $ ./toybox su --help
>     > toybox: Not root (see "toybox --help")
>     >
>     > not sure what the fix is there though.
> 
>     Hmmm, I think it's that TOYFLAG_NEEDROOT should be checking geteuid() not
>     getuid(), but that's a security thing and I want to go over all the users
>     thoroughly before making the change.
> 
> Isn't the problem that we should handle --help before checking whether the
> caller is root?

Hmmm, "yes but".

It drops privileges literally as early as possible. Minimizing the amount of
common code run as root when you have the suid bit set on the thing. Which means
it's before it's checked for --help.

So I see your point, but... hmmm.

Looks like I need to split it into two functions. I can do the test and drop
privs, record the results, and then have the error_exit() with the messages
happen later after it's parsed --help.

Throw it on the todo heap. (Sorry, worked late yesterday and today's busy too.
Trying to ship a thing.)

Rob
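
The split described in the message above (drop privileges and record the root check before parsing, report the error only after --help has been handled), as an added example that is not part of the original post or of toybox's source. The flag names, struct, result codes and the choice to check the effective uid are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical flags and result codes, named for this example only. */
#define FLAG_STAYROOT 1   /* command keeps its suid privileges */
#define FLAG_NEEDROOT 2   /* command refuses to run unless root */
enum { DO_RUN, DO_HELP, DO_NOT_ROOT };

struct priv_state { int not_root; };   /* recorded early, reported later */

/* Step 1: runs before any argument parsing. Drops suid privileges unless
 * the command keeps them, and records (does not report) the root check.
 * Checking euid here is an assumption; the thread leaves uid vs euid open. */
int early_priv_check(int flags, struct priv_state *st)
{
  uid_t uid = getuid(), euid = geteuid();

  if (!(flags & FLAG_STAYROOT) && uid != euid) {
    if (setuid(uid)) return -1;   /* never continue with privs we failed to drop */
    euid = geteuid();
  }
  st->not_root = (flags & FLAG_NEEDROOT) && euid != 0;
  return 0;
}

/* Step 2: runs after parsing. --help wins over the deferred root error. */
int dispatch(int argc, char **argv, const struct priv_state *st)
{
  for (int i = 1; i < argc; i++)
    if (!strcmp(argv[i], "--help")) return DO_HELP;
  return st->not_root ? DO_NOT_ROOT : DO_RUN;
}

int main(int argc, char **argv)
{
  struct priv_state st;

  if (early_priv_check(FLAG_STAYROOT | FLAG_NEEDROOT, &st)) {
    perror("setuid");
    return 1;
  }
  switch (dispatch(argc, argv, &st)) {
    case DO_HELP: puts("usage: demo [--help]"); return 0;
    case DO_NOT_ROOT: fputs("demo: Not root\n", stderr); return 1;
  }
  puts("running privileged work");
  return 0;
}
```

The only code that runs before the drop is the uid comparison and the setuid() call; the --help scan and the error message both run afterwards.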


