
Dev:Running as root

From The Apple Wiki

Root is the administrative superuser of UNIX-based operating systems. A process running as root has near-complete control over the system.

Most binaries don't need to run as root, but there are a few circumstances where it is required. As of iOS 11, the procedure for running a binary as root has changed. On devices jailbroken with tools that still use jailbreakd (namely Electra and Chimera), setuid will not work straight away.

Important information

  • Running as root can cause issues. It will cause some things to malfunction, or just stop working altogether. Only use it if you need it.
  • Never call setuid from an injected library (a tweak). You are guaranteed to break something if you try.
  • Running as root will not provide unrestricted access to the filesystem. If you are trying to accomplish this, don't use root. Give your binary the correct entitlements.

Running a binary as root under early jailbreakd

These steps are required if the binary is intended to run on a device that uses jailbreakd, but doesn't automatically inject a fix for setuid (early versions of Electra and Chimera).

First of all, the binary must be platformized with a jailbreakd call, then setuid must be patched with another jailbreakd call. The following code is taken from Electra's wiki and slightly modified:

#include <dlfcn.h>
#include <stdint.h>
#include <sys/types.h>
#include <unistd.h>

#define FLAG_PLATFORMIZE (1 << 1)

/* Asks jailbreakd (via libjailbreak.dylib) to platformize this process and
 * patch setuid for it. Silently returns if the library or either symbol is
 * missing, so the caller must re-check getuid() afterwards. */
void fix_setuid()
{
    void *handle = dlopen("/usr/lib/libjailbreak.dylib", RTLD_LAZY);
    if (!handle)
        return;

    dlerror();    /* clear any stale error before the first dlsym() */

    typedef void (*fix_entitle_prt_t)(pid_t pid, uint32_t what);
    fix_entitle_prt_t entitle_ptr = (fix_entitle_prt_t)dlsym(handle, "jb_oneshot_entitle_now");

    const char *dlsym_error = dlerror();
    if (dlsym_error)
        return;

    /* Step 1: platformize the current process. */
    entitle_ptr(getpid(), FLAG_PLATFORMIZE);

    dlerror();    /* clear again before the second dlsym() */

    typedef void (*fix_setuid_prt_t)(pid_t pid);
    fix_setuid_prt_t setuid_ptr = (fix_setuid_prt_t)dlsym(handle, "jb_oneshot_fix_setuid_now");

    dlsym_error = dlerror();
    if (dlsym_error)
        return;

    /* Step 2: patch setuid for the current process. */
    setuid_ptr(getpid());
}

int main()
{
    /* Try the plain way first; on a patched device this already works. */
    setuid(0);
    if (getuid() != 0)
    {
        /* Not root yet: apply the jailbreakd fix and retry. */
        fix_setuid();
        setuid(0);
    }

    /* ... */

    return 0;
}

Keep in mind that the binary must also be signed with the platform-application entitlement.
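The main() above calls setuid(0) and only checks getuid(). As an added example that is not from The Apple Wiki or Electra's code, the following shows how a binary that needs root only briefly can verify the elevation with both getuid() and geteuid(), record errno when it fails (the expected result on a device without the fix or the entitlement), and drop root again for the rest of its lifetime, which is what "only use it if you need it" looks like in code. The uid 501 mentioned in the comments is the usual mobile user on iOS; the function names are my own.

```c
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed example, not code from The Apple Wiki or Electra: elevate,
 * verify with getuid()/geteuid() instead of trusting setuid()'s return value,
 * then drop root again for the rest of the process. */
static uid_t original_uid;   /* uid at start; an iOS app process is 501 (mobile) */
static int   root_errno;     /* errno from setuid(0) when elevation failed */

/* Try to become root. Returns 1 if real AND effective uid are now 0, else 0.
 * Without the jailbreakd fix or the platform-application entitlement this
 * fails with EPERM, which is the expected outcome, not something to hide. */
int try_become_root(void)
{
    original_uid = getuid();
    root_errno = 0;
    if (setuid(0) != 0) {
        root_errno = errno;
        return 0;
    }
    /* Re-read both ids: a half-applied setuid is worse than no root at all. */
    if (getuid() != 0 || geteuid() != 0) {
        root_errno = EPERM;
        return 0;
    }
    return 1;
}

/* Give root back permanently. Returns 1 when the process is no longer root
 * (or never was), 0 if it is still root (drop failed or it started as root). */
int drop_root(void)
{
    if (geteuid() != 0)
        return 1;
    if (original_uid == 0 || setuid(original_uid) != 0)
        return 0;
    /* The drop must be irreversible: setuid(0) has to fail from now on. */
    return geteuid() != 0 && setuid(0) != 0;
}

/* Whole sequence as main() would run it: 0 = no root obtained, 1 = got root
 * and dropped it, 2 = started as root (nothing to drop), -1 = could not drop. */
int root_roundtrip(void)
{
    if (!try_become_root())
        return 0;
    if (original_uid == 0)
        return 2;
    return drop_root() ? 1 : -1;
}
```

Run unprivileged, root_roundtrip() returns 0 with root_errno set to EPERM; on a device where the jailbreakd fix and entitlement are in place it returns 1, and the binary holds root only between the two calls.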