2

I know that the root user can access all files / commands on the system but can Can a root / su user assume any other uid?

The reason I ask is looking at http://nelenkov.blogspot.co.uk/2012/05/storing-application-secrets-in-androids.html it says a deamon commands "Allowed UIDs" are "anyone but root, vpn and wifi (Only keys created with the same UID are visible/accessible)" - which suggests in this case the creators uid has higher privilege than root - is this correct?

Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
Dori
  • 133

2 Answers2

7

Regarding permissions, root has the power to do anything, but the application may refuse to do something based on the UID.

However, root can su to anyone without password, if that's what you mean. But then it's not root anymore.

orion
  • 12,502
5

Yes, at least on all *nix systems I have ever seen, root can become any other user with no need to enter a password, just su. I don't see how that means that "the creator's uid has higher privilege than root" though.

That article is simply saying that some of the android daemon's commands cannot be run by root. That doesn't mean that someone else has higher privileges, only that the command will test and if it is being called by root it will refuse to execute.

So, yes root can su to any other user but if it does, it is no longer root so that's not relevant. The point is that some commands should not be run by users with elevated permissions (like root) because they are dangerous. If they are run by someone who has logged in as root and then switched to a normal user, they are being run by a normal user, they have no way of knowing that the user in question happens to have the root password. As long as the UID of the user who called them is not 1, they're happy.

Community
  • 1
terdon
  • 242,166
  • great thanks - that makes sense. Whats the point in testing if its called by root then, is this just like an extra warning that the root user would need to su to another user first? – Dori Mar 12 '14 at 16:48
  • 1
    @Dori no, it's just that some applications won't let themselves be run by root because that would be a security hole. – terdon Mar 12 '14 at 16:50
  • +1 thx for the reply - it does not sound like thats really much of a solution to an identified security hole as root can switch to any other user. I guess there is the added faff maybe of working out what user would need to be switched to but I imagine that would not be too hard...? – Dori Mar 12 '14 at 16:57
  • 1
    @Dori you misunderstand, when root has switched to another user, he is no longer root but that other user so there is no security hole. The security hole is allowing the program to be run with root privileges (by root), it is not an issue unless the user running it is root. – terdon Mar 12 '14 at 17:01
  • ah I see - your saying allowing the application to run with root privileges would be dangerous as the app itself could do anything - got you :) – Dori Mar 12 '14 at 17:07