On 10/18/2018 12:59 PM, enh wrote:> On Thu, Oct 18, 2018, 10:51 Rob Landley <r...@landley.net > <mailto:r...@landley.net>> wrote: > > On 10/17/2018 06:24 PM, enh wrote: > > $ ./toybox su --help > > toybox: Not root (see "toybox --help") > > > > not sure what the fix is there though. > > Hmmm, I think it's that TOYFLAG_NEEDROOT should be checking geteuid() not > getuid(), but that's a security thing and I want to go over all the users > thoroughly before making the change. > > Isn't the problem that we should handle --help before checking whether the > caller is root?
Hmmm, "yes but". It drops privileges literally as early as possible. Minimizing the amount of common code run as root when you have the suid bit set on the thing. Which means it's before it's checked for --help. So I see your point, but... hmmm. Looks like I need to split it into two functions. I can do the test and drop privs, record the results, and then have the error_exit() with the messages happen later after it's parsed --help. Throw it on the todo heap. (Sorry, worked late yesterday and today's busy too. Trying to ship a thing.) Rob _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
