Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chromebrew/crew-sudo
Workaround for using sudo on ChromeOS crosh shell (ChromeOS v117+)
https://github.com/chromebrew/crew-sudo
chromeos chromiumos linux
Last synced: about 2 months ago
JSON representation
Workaround for using sudo on ChromeOS crosh shell (ChromeOS v117+)
- Host: GitHub
- URL: https://github.com/chromebrew/crew-sudo
- Owner: chromebrew
- License: gpl-3.0
- Created: 2023-09-28T09:23:06.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-29T05:28:55.000Z (about 2 months ago)
- Last Synced: 2024-10-29T06:22:55.159Z (about 2 months ago)
- Topics: chromeos, chromiumos, linux
- Language: Ruby
- Homepage:
- Size: 50.8 KB
- Stars: 8
- Watchers: 2
- Forks: 2
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# crew-sudo
Make `sudo` "works" on ChromeOS `crosh` shell (ChromeOS v117+) by redirecting sudo calls to VT-2 shell.
## Background
On ChromeOS v117, all Chrome-related processes (e.g. the ChromeOS UI) is executed with the `NO_NEW_PRIVS` bit, which means:
- `suid/sgid`-bit is blocked, and thus no more `sudo`
- This flag will be inherited by its subprocess (including `crosh`) and cannot be unset
That benefits security. However, it is bad for [Crouton](https://github.com/dnschneid/crouton)/[Chromebrew](https://github.com/chromebrew/chromebrew) users.
The official workaround for this is using the VT-2 shell (aka `frecon`) [^1], but `frecon` just sucks:
- No clipboard support
- No Caps Lock support
- No HiDPI support
- Poor compatibility with TUI programs
So is there a way to call `sudo` in `crosh` but run it in VT-2? That's what this project does :)
[^1]: `sudo` works in VT-2 because the VT-2 process is independent of the browser process and executed without the `NO_NEW_PRIVS` bit
## How it works?
It works in a similar way compared with popular Android root solutions like Magisk or SuperSU. It is divided into 2 parts:
- A `sudo` server running in VT-2 for executing `sudo` requests from `crosh`
- A `sudo` client for sending `sudo` requests to the server from `crosh`
All communication between the `sudo` server and client is done via Unix socket.
## Usage
All you need to do is start the `crew-sudo` daemon in VT-2 and `sudo` will work again in `crosh` :)
```text
sudo
---
crew-sudo [command]
crew-sudo -h|--help
crew-sudo -V|--version
```
|Command |Description|
|:-------------|:----------|
|`client` |Run as client mode, pass all given command arguments to daemon|
|`daemon` |Run as daemon mode, listen incoming requests at `/tmp/crew-sudo.socket`|
|`stop-daemon` |Stop currently running `crew-sudo` daemon|
---
|Options |Description|
|:-------------|:----------|
|`--bashrc` |Suppress `daemon is already running` error|
|`--foreground`|Run `crew-sudo` daemon in foreground|
|`--replace` |Replace the currently running `crew-sudo` daemon|
## What works currently
- Send terminal input to command/send command output back to `crosh`
- Handle terminal size events
- Sync exit code
## License
Copyright (C) 2013-2024 Chromebrew Authors
This project including all of its source files is released under the terms of [GNU General Public License (version 3 or later)](http://www.gnu.org/licenses/gpl.txt).