rootshell: use seteuid/setegid instead

This is also what sshell does.
EFForg · Jul 23, 2024 · a29e7e4 · a29e7e4
1 parent a6dfef3
commit a29e7e4
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 17 deletions.
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@nightly
+      - uses: dtolnay/rust-toolchain@stable
         with:
           targets: armv7-unknown-linux-gnueabihf
       - name: Install cross-compilation dependencies

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/rootshell/Cargo.toml b/rootshell/Cargo.toml
@@ -6,3 +6,4 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+nix = { version = "0.29.0", features = ["user"] }
diff --git a/rootshell/rust-toolchain.toml b/rootshell/rust-toolchain.toml
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
@@ -1,29 +1,23 @@
-#![feature(setgroups)]
-
 //! a simple shell for uploading to the orbic device.
 //! 
 //! It literally just runs bash as UID/GID 0 
 use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
 
-const ANDROID_PARANOID_NETWORK_GROUPS: &[u32] = &[
-   3001, // AID_BT
-   3002, // AID_BT_NET
-   3003, // AID_INET
-   3004, // AID_NET_RAW
-   3005, // AID_ADMIN
-];
+use nix::unistd::{Gid, Uid};
 
 fn main() {
    let mut args = env::args();
 
+   nix::unistd::setegid(Gid::from_raw(0)).expect("setegid(0) failed");
+   nix::unistd::seteuid(Uid::from_raw(0)).expect("seteuid(0) failed");
+
    // discard argv[0]
    let _ = args.next();
    Command::new("/bin/bash")
 	.args(args)
 	.uid(0)
 	.gid(0)
-   .groups(ANDROID_PARANOID_NETWORK_GROUPS)
 	.exec();
 }