nosuid on 4.3 isn't the su-killer

There's been a lot of talk about the nosuid flag on mounts, and that it prevents Android apps from executing things like su. While this is certainly true in the standard su setup, it doesn't really matter, and it isn't the big reason SuperSU went daemon/proxy.

nosuid is (the way it is currently set up) trivial to circumvent if you can run stuff at boot as root, as is the case with any flashable/rootable device. In other words, for root uses it's not really relevant at all.

What is relevant is the capability bounding set. Most processes (including all normal Android apps, and adb shell, and ...) have these severely limited. As a result, even if you have the (old) su binary installed and could run it, you would indeed get the root user, but you would still be completely unable to do anything interesting, like remounting system (as just one example). So it may have seemed that the (old) su binary actually worked from adb shell, but it wasn't practically useful.

To read more about the capabilities referenced here, and what you can and cannot do with them, see the capabilities(7) man page: http://linux.die.net/man/7/capabilities . Previously, most processes had all of them. In 4.3, most only have CAP_SETUID and CAP_SETGID available, with the all-important CAP_SYS_ADMIN missing.

That's the big reason I'm still using daemon/proxy mode for 4.3, not nosuid.
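
To see the difference between "uid 0" and "uid 0 with CAP_SYS_ADMIN", the following added example (not part of the original post) decodes the capability masks from `/proc/<pid>/status` output. The two status dumps are constructed samples, not captures from a device, and the function names are hypothetical; the bit numbers are those in `<linux/capability.h>`.

```python
import re

# Capability bit numbers from <linux/capability.h>; only the ones the post names.
CAPS = {"CAP_SETGID": 6, "CAP_SETUID": 7, "CAP_SYS_ADMIN": 21}

# Constructed samples in /proc/<pid>/status format (not captured from a device).
PRE_43_SU = """\
Name:\tsu
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\tffffffffffffffff
CapEff:\tffffffffffffffff
CapBnd:\tffffffffffffffff
"""
ANDROID_43_SU = """\
Name:\tsu
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000000000c0
CapEff:\t00000000000000c0
CapBnd:\t00000000000000c0
"""

def parse_status(text):
    """Return the effective uid and the capability masks from a status dump."""
    fields = dict(re.findall(r"^(\w+):\s*(.+)$", text, re.M))
    info = {"euid": int(fields["Uid"].split()[1])}  # Uid: real, effective, saved, fs
    for key in ("CapInh", "CapPrm", "CapEff", "CapBnd"):
        info[key] = int(fields[key], 16)
    return info

def named_caps(mask):
    """Names of the tracked capabilities that are set in a mask."""
    return sorted(name for name, bit in CAPS.items() if mask >> bit & 1)

def assess(text):
    """Report whether uid 0 in this process can actually do admin work."""
    info = parse_status(text)
    is_root = info["euid"] == 0
    # mount/remount requires CAP_SYS_ADMIN in the effective set.
    can_admin = bool(info["CapEff"] >> CAPS["CAP_SYS_ADMIN"] & 1)
    # A capability absent from the bounding set cannot be regained through execve.
    bounded_out = not info["CapBnd"] >> CAPS["CAP_SYS_ADMIN"] & 1
    return {"root": is_root, "can_remount": is_root and can_admin,
            "sys_admin_bounded_out": bounded_out,
            "bounding": named_caps(info["CapBnd"])}
```

On a live system the same functions can be fed the contents of `/proc/self/status`; a `CapBnd` of `c0` is exactly CAP_SETGID plus CAP_SETUID.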