Closed ghost closed 2 years ago
It looks like PRoot currently checks set-uidness of qemu binary, not sudo.
Since it seems (to me) that fixing this is not hard yet not trivial, I'll try making this "good first issue" as I think fixing this would be nice introduction to proot code. (If there won't be anyone willing to try this I'll fix that myself later, but I think this is nice occasion to try)
I think real path to executed binary could be taken from tracee->raw_path
and translating it or could be saved in expand_runner
before it is replaced.
Ok, so setting the permission of qemu user binary as setuid has some weird effects,
so if logging in as user, then it will log in as user but still root
however it kinda mixed up which the $USER
environment variable is marcusz
but the whoami
output is root
but it's kinda better when qemu-user binary as non-setuid
What you are showing is effect of distinction between real and effective uid (same thing would occur on normal Linux if you'd make all binaries suid).
When set-uid program is being executed, effective uid is set to root (or another owner of file in actual Linux) while real uid stays same.
dpkg
, $USER
check real uidwhoami
checks effective uidid
will show uid=
for real uid and if effective uid is different it'll also show euid=
Huh i see, i thought there will be a workaround if i set the qemu binary as setuid, but it didn't, and gives weird results
I think i found a workaround here,
since proot is able to run native binaries on emulated environment, i was able to run busybox arm64 static su
and do root
operations here and it works
i have to use native busybox su
for now until i can get sudo
to be compiled statically or proot
to be fixed,
probably this is my only suggestion for now
I also found another solution by running an SSH server as root (allow the root user to be logged in via ssh) , and login to ssh root user to gain root access,
I had to function ssh as sudo so i could easily run commands as root under qemu:
sudo(){ ssh root@localhost -p <port> "$@" };
I had to use localhost-only mode to only accept only local connections
This was now fixed as part of #195
(Although it also means that good first issue
experiment has failed...)
(Although it also means that good first issue experiment has failed...)
$ grep _PRINTPROOTERROR_ *h
maintenanceroutines.bash:84:"$INSTALLDIR/$STARTBIN" || _PRINTPROOTERROR_
maintenanceroutines.bash:122:$INSTALLDIR/root/bin/setupbin.bash || _PRINTPROOTERROR_
maintenanceroutines.bash:143:$STARTBIN || _PRINTPROOTERROR_
necessaryfunctions.bash:227:"$INSTALLDIR/$STARTBIN" || _PRINTPROOTERROR_
necessaryfunctions.bash:544:"$INSTALLDIR"/root/bin/setupbin.bash || _PRINTPROOTERROR_
printoutstatements.bash:231:_PRINTPROOTERROR_() {
Maybe good first issue should have been advertised in an install script?
It looks like i didn't notice this issue fixed, thanks
Originally Referenced on proot-distro #48
sudo gives me errors about setuid even though the permissions are correct when running proot-distro with qemu user emulation
Steps to Reproduce this problem
sudo test
And it should give setuid error even with the correct permission
Reproducing this problem without qemu (or using native architecture) does not occur this problem