xcode: Once jailbroken, will iOS apps run with root privilege?
Original URL: http://stackoverflow.com/questions/15968845/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Asked by Ocelot
Once an iOS device is jailbroken, we can build jailbreak apps (with theos) and it gets installed in the /Applications directory where the preloaded apps run with root privileges. If an app is built with Xcode, once it is installed, it gets into the /private/var/mobile/Applications/ folder, which is supposed to have Apple sandbox enforced (before jailbreak).
So, the questions I have are:
For a jailbroken device, will the apps in /private/var/mobile/Applications/ execute with root privileges or with mobile user privileges?
In case of Android, once rooted, the apps will have to gain root privileges by executing the su command. Is it the case when it comes to iOS as well?
I would like to understand the difference between these two development options (Theos / Xcode) and how it affects what operations my app can perform.
Answer by
Long story short: no.
Jailbreaking is a necessary but not sufficient condition for gaining root. Apps will still be sandboxed by default.
What you can do for making your app run with root privileges is creating a startup shell script that has root:wheel ownership and 755 permissions, then create your actual executable with the same ownership, 7555 as permissions (i.e. set its "setuid" bit), then call setuid(0); from within main(), before calling UIApplicationMain().
Answer by Nate
Not disagreeing with anything H2CO3 said, but to add some further clarification ...
Apps installed in /private/var/mobile/Applications/ (†) with Xcode will run with user mobile privileges, even on jailbroken phones.
Even on a jailbroken phone, apps installed to /private/var/mobile/Applications/ (†) will be sandboxed almost (‡) like apps on a jailed phone. So, no reading other (normal) apps' data, even if those files are owned by user mobile.
For a good description of the process that apps like Cydia use to run as root, see this answer. Or, just ssh into your phone, and take a look inside /Applications/Cydia.app/ yourself.
If you simply copy/install an app (without doing what H2CO3 suggested) to /Applications/, it won't be sandboxed, but it will still run with mobile (UID=501) privileges:
iPhone5:~ root# cd /Applications
iPhone5:/Applications root# ls -altr ./HelloJB.app/
total 220
-rw-r--r-- 1 root wheel 711 Apr 3 20:36 entitlements.xml
-rw-r--r-- 1 root wheel 297 Apr 3 20:36 entitlements-daemon.xml
-rw-r--r-- 1 root wheel 7972 Apr 3 20:36 embedded.mobileprovision
-rw-r--r-- 1 root wheel 58755 Apr 3 20:36 date.zip
-rw-r--r-- 1 root wheel 485 Apr 3 20:36 ResourceRules.plist
-rw-r--r-- 1 root wheel 8 Apr 3 20:36 PkgInfo
-rw-r--r-- 1 root wheel 1226 Apr 3 20:36 Info.plist
-rw-r--r-- 1 root wheel 10960 Apr 3 20:36 Icon\@2x.png
-rw-r--r-- 1 root wheel 8328 Apr 3 20:36 Icon.png
-rw-r--r-- 1 root wheel 451 Apr 3 20:36 HelloJB.plist
-rwxr-xr-x 1 root wheel 61088 Apr 3 20:36 HelloJB*
-rwxr-xr-x 1 root wheel 42688 Apr 3 20:36 HelloDaemon*
drwxr-xr-x 2 root wheel 136 Apr 3 20:36 en.lproj/
drwxr-xr-x 2 root wheel 102 Apr 3 20:36 _CodeSignature/
drwxr-xr-x 4 root wheel 544 Apr 3 20:36 ./
drwxrwxr-x 54 root admin 1904 Apr 5 02:14 ../
iPhone5:/Applications root# ps -Aef | grep HelloJB
501 9412 1 0 0:00.00 ?? 0:00.33 /Applications/HelloJB.app/HelloJB
iPhone5:/Applications root# grep mobile /etc/passwd
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
(‡) Here's a good discussion, with input from Saurik, about how different jailbreaks may affect the sandbox. Long story short: it depends.
(†) Update: in recent versions of iOS, the location of 3rd-party apps has been moved to /var/mobile/Containers, and later to /var/containers/, but the same basic sandbox issues remain.
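
The ownership-and-mode rule that both answers turn on, as an added example (not code from either answer): a portable sh audit that predicts which UID each executable in an app directory gets when a given user launches it. The function names are hypothetical, and the check assumes only the on-disk set-user-ID bit and file owner matter.

```shell
#!/bin/sh
# Added example: predict the UID an executable runs with from its on-disk
# owner and set-user-ID bit. Function names are hypothetical.

# owner_uid FILE -> numeric owner of FILE (third column of `ls -ln`)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# predicted_euid FILE LAUNCH_UID -> effective UID after exec.
# The effective UID switches to the file owner only when the set-user-ID
# bit is set; otherwise the process keeps the launcher's UID. That is why
# a root:wheel binary with mode rwxr-xr-x still runs as 501.
predicted_euid() {
    if [ -f "$1" ] && [ -x "$1" ] && [ -u "$1" ]; then
        owner_uid "$1"
    else
        printf '%s\n' "$2"
    fi
}

# audit_app_dir DIR LAUNCH_UID -> one line per regular executable in DIR:
#   <predicted euid> <setuid|plain> <path>
audit_app_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        if [ -u "$f" ]; then kind=setuid; else kind=plain; fi
        printf '%s %s %s\n' "$(predicted_euid "$f" "$2")" "$kind" "$f"
    done
}

# Typical use on a device, with 501 being the mobile user:
#   audit_app_dir /Applications/HelloJB.app 501
```

Any line reporting `0 setuid` is a binary that starts with root as its effective UID and deserves review. The prediction reads only the mode bit, so it does not account for nosuid mounts or for kernels that ignore the bit on interpreted scripts.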