Category: Embedded

2012-04-11 08:39:36

On the emulator provided with the SDK r10, you can get a root shell by executing "adb shell" from your host computer. Once you have that root shell, you can follow these steps to create a command that logs you in as root from the terminal emulator:

# Remount /data to allow executables and setuids on it
mount -o remount,rw /dev/block/mtdblock1 /data

# There's no "cp" command on Android
cat /system/bin/sh > /data/su

# Give setuid permissions to the shell
chmod 7755 /data/su

Now, from the emulator, just run "/data/su" and that's it, you're root.

The normal "/system/xbin/su" command included in the SDK performs internal user id checks, so these commands...

mount -o remount,rw /dev/block/mtdblock0 /system
chmod 7755 /system/xbin/su

...just won't work. There's no way to trick /system/xbin/su into allowing the normal user (UID 10018 in my case) to become root.

Please note that dealing with setuid programs can be a security risk (not higher than having a universal "su" command, though). Use this solution at your own risk.
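
An added example, not part of the original post: a small audit for the two conditions the steps above create, a mount that has lost its nosuid option and a setuid file sitting on it. The mount lines are constructed samples in /proc/mounts format (the nosuid,nodev options and the /cache entry are assumptions), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: mount table before the remount (assumed options).
sample_before() {
cat <<'EOF'
/dev/block/mtdblock0 /system yaffs2 ro 0 0
/dev/block/mtdblock1 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock2 /cache yaffs2 rw,nosuid,nodev 0 0
EOF
}

# Constructed sample: mount table after "mount -o remount,rw ... /data".
sample_after() {
cat <<'EOF'
/dev/block/mtdblock0 /system yaffs2 ro 0 0
/dev/block/mtdblock1 /data yaffs2 rw 0 0
/dev/block/mtdblock2 /cache yaffs2 rw,nosuid,nodev 0 0
EOF
}

# lost_nosuid BEFORE AFTER
# Print every mount point that carried "nosuid" in BEFORE but not in AFTER.
# Both files use the /proc/mounts layout: device, mount point, fs type, options.
lost_nosuid() {
    awk '
        function has_nosuid(opts,    n, o, i) {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "nosuid") return 1
            return 0
        }
        NR == FNR { before[$2] = has_nosuid($4); next }
        ($2 in before) && before[$2] && !has_nosuid($4) { print $2 }
    ' "$1" "$2"
}

# setid_files DIR
# Print regular files under DIR that have the setuid or setgid bit set,
# which is what "chmod 7755" leaves behind on the copied shell.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}
```

On a live system, save two copies of /proc/mounts and pass them to lost_nosuid, then run setid_files on each mount point it reports.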


