On 04/17/14 04:45, Ashwini Sharma wrote: > NB: For commands having TOYFLAG_NEEDROOT set, > toybox shouts for __Need root__ even for __--help__ option. > e.g. [toybox]$ ./toybox sulogin --help > toybox: Not root
Oddly enough the scripts/single.sh build doesn't _include_ the "drop root privileges" code, so it doesn't check/complain that we weren't root anyway. (The theory is you only set the suid bit on the single-bulit commands that need it.) I suppose this is ok because the failure mode would be running code that requires root access without it, where it presumably can't do a lot of damage anyway. But it's a thing to keep in mind... (For a bit I was worrying "but if I start compressing the help text with gzip later on, and I display the help text without having dropped root privileges, wouldn't the decompressor run as root and add arbitrary complexity to the runs-with-root code path for normal apps when toybox is installed with the suid bit", and then I went "no, this error message only happens when they _don't_ have root access, so it's adding extra code running as a normal user anyway"...) Security: hard to get right. Rob _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
