#38
Originally Posted by CepiPerez
The N9 Quick Tweak app has an option to use FileBox as root without limitation. But you need to enter root password when you launch the app.

I don't have inception or opensh installed yet.
You can try installing filebox under inception. It should work
Installing Filebox with incept won't make a difference unless Filebox is modified to take advantage of INCEPTION.

There are two approaches you could take:

  • Assert UID::root and GID::root and specify the setxid policy flag. What this does is emulate the behavior of the SUID/SGID bits through Aegis, which will allow you to use setreuid/setregid to swap the real and effective UID/GID. This makes it possible to enable/disable access as the root user "on the fly". The major disadvantage is that you're still limited to files that user and root have access to - it doesn't allow complete filesystem access. On the other hand, it doesn't require INCEPTION.
  • Assert CAP::dac_override. This permission is what allows root to have complete access to the filesystem on an ordinary (non-Aegis) Linux system. The only disadvantage (if you consider it such) is that INCEPTION is then required.

If you go with the second approach, there are various schemes you could use to enable and disable CAP::dac_override access, which could be used to prevent such access until the user e.g. enters the root password.

If you'd like advice on implementing any of this, I'd encourage joining #inception on Freenode - I'm on there a lot of the time, and so are a few others who could help.
 

The Following User Says Thank You to itsnotabigtruck For This Useful Post:
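The on-the-fly switch from the first approach in the post above, as an added example that is not part of the original post and is not FileBox or INCEPTION code. It assumes the process starts with the user's identity as real UID/GID and root as effective UID/GID, which is what SUID/SGID bits (or the setxid emulation the post describes) arrange; the helper names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Identities captured at startup (hypothetical names for this example). */
static uid_t user_uid, priv_uid;

/* Swap real and effective UID/GID, then verify the swap took effect. */
static int swap_ids(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    if (setregid(egid, rgid) != 0 || setreuid(euid, ruid) != 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Call once at startup: remember both identities, then run as the user. */
int priv_init(void)
{
    user_uid = getuid();
    priv_uid = geteuid();   /* assumed to be root when UID::root + setxid apply */
    return swap_ids();
}

/* Make the elevated identity effective, e.g. after a password check. */
int priv_enable(void)
{
    return geteuid() == priv_uid ? 0 : swap_ids();
}

/* Return to the user's identity. The real UID still holds the elevated
 * identity, so this is a reversible switch, not a permanent drop. */
int priv_disable(void)
{
    return geteuid() == user_uid ? 0 : swap_ids();
}

int main(void)
{
    if (priv_init() != 0) { perror("priv_init"); return 1; }
    printf("idle:     euid=%d\n", (int)geteuid());
    if (priv_enable() != 0) { perror("priv_enable"); return 1; }
    printf("elevated: euid=%d\n", (int)geteuid());
    if (priv_disable() != 0) { perror("priv_disable"); return 1; }
    printf("idle:     euid=%d\n", (int)geteuid());
    return 0;
}
```

Because the swap is reversible by design, any code running in the process while access is "disabled" can re-enable it; the switch limits accidental use of root, not a compromised process.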