3

I am trying to get root access to my Chinese x86 tablet. With adb I have root. I copied a "sh" binary and set the setuid bit, and from adb it works as expected:

1|shell@x98air3g_c5j8:/ $ which su.sh
/system/xbin/su.sh
shell@x98air3g_c5j8:/ $ ls -al /system/xbin/su.sh
-rwsr-sr-x root     shell      395004 2016-01-02 17:39 su.sh
shell@x98air3g_c5j8:/ $ mount | grep system
/dev/block/by-name/system /system ext4      ro,seclabel,noatime,data=ordered 0 0
shell@x98air3g_c5j8:/ $ su.sh
# 

However, when the same binary is invoked via the tablet itself (in a terminal emulator), it does not keep root privileges (the setuid bit seems to be ignored). Just the normal shell.

What is preventing the setuid bit from working? There are no "nosuid" mount flags, and I tried to disable SELinux with "setenforce permissive".

Miha
  • 31

2 Answers

3

The /system partition is mounted with the "nosuid" option, preventing Android applications from executing setuid programs. You can temporarily unmount and mount again with the suid option:

adb shell mount -o rw,remount /system
0

http://www.androidauthority.com/android-4-3-new-security-features-253244/

The /system partition is now mounted nosuid for zygote-spawned processes, preventing Android applications from executing setuid programs.

osexp2000
  • 628
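
Added example, not part of either answer: since nosuid is applied for zygote-spawned processes, the mount table seen from adb shell and the one seen inside a terminal-emulator app can differ, which is why `mount | grep system` from adb showed no nosuid. This sh function reports the flag for a mount point from /proc/mounts-format input; the function name and the app-side sample line are constructed for illustration.

```shell
#!/bin/sh
# has_nosuid MOUNTPOINT
# Reads a mount table in /proc/mounts format on stdin
# (device mountpoint fstype options dump pass) and prints one of:
#   nosuid       the mount point carries the nosuid option
#   suid         the mount point is present without nosuid
#   not-mounted  no entry for the mount point
has_nosuid() {
    result=not-mounted
    while read -r dev dir fstype opts rest; do
        [ "$dir" = "$1" ] || continue
        # Wrap the option list in commas so only the whole option matches.
        # The last matching entry wins, since it is the topmost mount.
        case ",$opts," in
            *,nosuid,*) result=nosuid ;;
            *)          result=suid ;;
        esac
    done
    echo "$result"
}

# ADB_VIEW is the line quoted in the question (adb shell's namespace).
# APP_VIEW is a constructed line: the same mount with nosuid added, as an
# assumed view from a zygote-spawned process such as a terminal emulator.
ADB_VIEW='/dev/block/by-name/system /system ext4 ro,seclabel,noatime,data=ordered 0 0'
APP_VIEW='/dev/block/by-name/system /system ext4 ro,seclabel,nosuid,noatime,data=ordered 0 0'

echo "adb shell sample: $(printf '%s\n' "$ADB_VIEW" | has_nosuid /system)"
echo "app sample:       $(printf '%s\n' "$APP_VIEW" | has_nosuid /system)"

# Live check: the mount namespace of the process running this script.
if [ -r /proc/self/mounts ]; then
    echo "this process:     $(has_nosuid /system < /proc/self/mounts)"
fi
```

Running it once from adb shell and once from the terminal emulator compares the two namespaces directly.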