[Toybox] oh, the irony...

enh enh at google.com
Sun Oct 21 21:54:37 PDT 2018 

On Sun, Oct 21, 2018 at 6:49 PM Rob Landley <rob at landley.net> wrote:
>
> On 10/17/2018 06:24 PM, enh wrote:
> > $ ./toybox su --help
> > toybox: Not root (see "toybox --help")
> >
> > not sure what the fix is there though.
>
> Ok, dug into it some more.
>
> If you "chown root:root toybox" and "chmod +s toybox", the su command then works
> as advertised. Including su --help. What's it's _complaining_ about is this
> command needs suid root to function, and toybox is not installed with that.
>
> The fact --help doesn't work in that case is still a problem, but it sounds like
> the "Not installed suid root" error message a couple lines earlier is what it
> should be printing in this case. (It's guarded by TOYBOX_DEBUG because it's
> "your system is built wrong", not runtime user error, but you have that on so
> should have seen it.)

Android doesn't actually build any of the TOYFLAG_ROOTONLY stuff... i
saw this on the host when i was trying to check all the --help output
for obvious mistakes the other day.

speaking of which, http://landley.net/toybox/help.html should probably
include the `toybox --version` output so it's clear what version of
toybox that page refers to...

> Except that's not printing for the busybox multiplexer itself (which !=
> toy_list; the standalone case shouldn't have CFG_TOYBOX_SUID set because then
> the individual command binary either has the suid bit set or it doesn't and
> we're not _dropping_ it), because the _multiplexer_ doesn't know (at this stage)
> what command we're going to be running.
>
> I suspect the "not installed right" error message should be printed here
> instead, but need to redo the logic. Right now it's right from a security
> perspective, but not from a usability perspective, and I kinda privilege the
> former over the latter... :P
>
> Queued up for next release...
>
> Rob
>
> P.S. I've meant for a while to have "make config-allsuid" and "config-nosuid"
> targets so people can have two binaries and only install the suid bit on the one
> containing the commands that needs them. I just haven't gotten around to it
> because $DAYJOB. (And really it's a bit like the "make single" stuff because the
> binaries would have to be named differently to be insalled next to each other...
> toybox-suid and toybox-nosuid, so really the targets should be "make
> toybox-allsuid" and "toybox-nosuid"... which is why it's on my todo list after
> the kconfig rewrite.)
>
> Rob

More information about the Toybox mailing list