nosuid on 4.3 isn't the su-killer

There's been a lot of talk about the nosuid flag on mounts, that this prevents Android apps from executing things like su. While in the standard su setup this is certainly true, it doesn't really matter, and isn't the big reason SuperSU went daemon/proxy.

nosuid is (in the way it is currently setup) trivial to circumvent if you can run stuff at boot as root, as is the case with any flashable/rootable device. In other words - for root uses, it's not really relevant at all.

What is relevant, is the capability bounding set. Most processes (including all normal Android apps, and adb shell, and ...) have these severely limited. As a result, even if you have the (old) su binary installed and you could run it, you would indeed get root user. You would however still be completely unable to do anything interesting like remounting system (as just one example). As such, it may have seemed that the (old) su binary actually worked from adb shell - but it wasn't practically useful.

To read more about the capabilities as referenced here, and what you can and cannot do with them, see this page here: http://linux.die.net/man/7/capabilities . Previously, most processes had all of them. In 4.3, most only have CAP_SETUID and CAP_SETGID available, with the all-important CAP_SYS_ADMIN being missing.

That's the big reason I'm still using daemon/proxy mode for 4.3, not nosuid.
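To make the bounding-set point concrete, here is an added example (not code from the post or from SuperSU) that parses the CapBnd line of /proc/<pid>/status and checks whether CAP_SYS_ADMIN, the capability mount(2) needs to remount /system, is present. The two status snippets are constructed samples: one mirrors the 4.3 app/adb-shell case from the post (only CAP_SETUID and CAP_SETGID), the other an unrestricted process.

```c
/* Added example: inspect a process's capability bounding set by parsing the
 * CapBnd line of /proc/<pid>/status, as exposed on any Linux kernel. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Capability numbers from linux/capability.h (stable kernel ABI values). */
#define CAP_SETGID     6
#define CAP_SETUID     7
#define CAP_SYS_ADMIN 21   /* required by mount(2), e.g. remounting /system rw */

/* Parse the hex mask after "CapBnd:" in a status text.
 * Returns 1 and fills *mask on success, 0 if no CapBnd line is present. */
int parse_cap_bnd(const char *status_text, uint64_t *mask) {
    const char *p = strstr(status_text, "CapBnd:");
    if (!p) return 0;
    p += strlen("CapBnd:");
    char *end;
    unsigned long long v = strtoull(p, &end, 16);   /* skips the leading tab */
    if (end == p) return 0;
    *mask = (uint64_t)v;
    return 1;
}

/* 1 if capability number `cap` is in the bounding-set mask, else 0. */
int cap_in_mask(uint64_t mask, int cap) {
    return (int)((mask >> cap) & 1u);
}

/* Read this process's live bounding set; returns 0 if /proc is unavailable. */
int read_own_cap_bnd(uint64_t *mask) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_bnd(buf, mask);
}

/* Constructed samples: a 4.3 app/adb shell (bits 6 and 7 only = 0xc0) versus
 * a process whose bounding set still holds every capability of that era. */
static const char *sample_43_app = "Uid:\t2000\t2000\t2000\t2000\nCapBnd:\t00000000000000c0\n";
static const char *sample_full   = "Uid:\t0\t0\t0\t0\nCapBnd:\t0000001fffffffff\n";

int main(void) {
    uint64_t m;
    if (parse_cap_bnd(sample_43_app, &m))
        printf("4.3 app: setuid=%d sys_admin=%d\n",
               cap_in_mask(m, CAP_SETUID), cap_in_mask(m, CAP_SYS_ADMIN));
    if (read_own_cap_bnd(&m))
        printf("this process: sys_admin=%d\n", cap_in_mask(m, CAP_SYS_ADMIN));
    return 0;
}
```

Even with uid 0 from an old-style su, a mask like 0xc0 means mount(2) returns EPERM, which is what the post describes; the live read shows your own shell's situation.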
 
Interesting read +Chainfire 

On a side note: you are using a side-effect to start the daemon, using the already existing file /system/etc/install-recovery.sh on the Nexus 4.

I can't see that the file is preserved if you install SuperSU, which might get you in trouble trying to get an OTA for an otherwise stock ROM.

Is it possible to launch the daemon in another way on N4 so that existing system files don't need to be overwritten?

I can't find that file on the Galaxy Nexus or the Nexus 7 before installing SuperSU (stock 4.3) - is this only a problem on the Nexus 4?
 
You sir, +Adam Outler & +CyanogenMod   are the reason why I keep on checking my Google+ account. Thank you very much for your valuable information :-)
 
Can that missing command be added to busybox, or is it a kernel recompile?
 
+Fredrik Duprez it's not a problem to overwrite this file, and most firmwares run it at boot, even if it isn't used. That's the reason I chose this one for now - it doesn't do anything important and it works on most devices.

It may cause problems with OTAs though, I recommend a "full unroot" from SuperSU settings before applying an OTA.

I will strive to solve that problem sooner or later :)
 
+Jim DeArras It can't be easily escaped. Of course on a custom firmware it wouldn't be too difficult to change this (beyond the scope of this post), but on stock it seems to be the "way it is". I can still think of ways around it (like kernel module based hacks) but those solutions aren't very portable.
 
hmm why not just give full root rights to every program
 
+Chainfire it seems with the new su daemon/proxy the exit code of the called script is not passed back to the calling app. I exec su and feed it the shell command "exit 66" but always get exit code 0, not 66. 
 
+Trung Duc Tran a (second) bug related to this has been fixed yesterday in my dev build, and this should be resolved in the next update
 
So, does this mean we're close to when Android phones won't be rootable by their legitimate owner?
 
All this added new difficulty in running su reminds me of Google making mounting difficult in 4.2 due to the multiuser change, then making it even harder in 4.2.2 due to the adb authentication. At this rate, in 5.0, it will be impossible to mount and run su...
 
They wear bullet proof vests and so we bring armor piercing rounds.. It's just how the game is played, over and over again.
 
Can anyone share/post the original Nexus (4|7) /etc/install-recovery.sh here? Thanks.
 
Yes, OTA zip. Is it a good idea to run the original install-recovery.sh before running the su daemon?
Thanks.
 
+John Wong the only thing it does is install the stock recovery. If you haven't changed recovery or want to run a custom one, there's no point in running it before rooting. 
 
+Fredrik Duprez "the only thing it does is installing stock recovery", do you mean the original /system/etc/install-recovery.sh only installs recovery?? 
Sorry, I do not know what the original /system/etc/install-recovery.sh does.
I just installed stock Android 4.3 (downloaded from Google) and then rooted it with SuperSU.
So, I do not need the original /system/etc/install-recovery.sh ?? Right ??
Thank you.
 
+John Wong exactly. It only comes with the OTA and is not part of the factory images. You don't need it. 
 
Understand now, thank you again.
 
Hi, thanks for making SuperSU the most reliable su on 4.3. Is the source code for the daemonsu binary online somewhere?

I'm having a problem with running "screen" inside a terminal under a chroot: it always seems to size to 80x25 even though my parent ptty has plenty of room. I'd like to look at the code where su allocates a new tty to see if there might be a problem there.
 
Thanks for your invaluable help with root & apps. i9300t, i9100t unlocking.