Let it be known that I barely understand what setuid/setgid/whatever is. I think it has something to do with what user a program is executed as. This brings me to nosuid.
In Security Enhancements in Android 4.3, Google says:
"The /system partition is now mounted nosuid for zygote-spawned processes, preventing Android applications from executing setuid programs."
It makes no sense to me to say that a filesystem in Linux is mounted "for" anything, as if the way it is mounted can be relative to a process or executable. If the system partition on Android devices is mounted with nosuid, then how can any of the system's core executables run as root, which they need to do in the earliest stages of startup?
Best Answer
Possibly relevant line earlier in the same document:
Regarding your final question: nosuid doesn't prevent root from running processes. It is not the same as noexec. It just prevents the suid bit on executables from taking effect, which by definition means that a user cannot then run an application that would have permission to do things that the user doesn't have permission to do himself.
Also relevant here is an understanding of what "zygote" actually is; try reading https://android.stackexchange.com/a/77308
Disclaimer: I'm not an Android expert.
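Added example, not part of the question or the answer above: Linux keeps mount flags per mount within a mount namespace, and each process's view is listed in /proc/<pid>/mountinfo, so two processes can see the same partition with different flags. The Python sketch below parses two constructed mountinfo samples (an init-side view and an app-side view; the device names, the target path and the function names are assumptions) and reports that nosuid still allows execution and only disables the setuid bit, unlike noexec.

```python
import re
from typing import Dict, Set

# Constructed samples in /proc/<pid>/mountinfo format (not captured from a device).
INIT_VIEW = """\
1 0 0:1 / / ro,relatime - rootfs rootfs ro
12 1 179:3 / /system ro,relatime - ext4 /dev/block/mmcblk0p3 ro,data=ordered
13 1 179:9 / /data rw,nosuid,nodev,noatime - ext4 /dev/block/mmcblk0p9 rw
"""
APP_VIEW = INIT_VIEW.replace("/system ro,relatime", "/system ro,nosuid,relatime")

def parse_mountinfo(text: str) -> Dict[str, Set[str]]:
    """Map mount point -> per-mount options (field 6); later lines shadow earlier."""
    mounts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # not a well-formed mountinfo record
        # The kernel escapes space, tab, newline and backslash as octal (\040 ...).
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[4])
        mounts[point] = set(fields[5].split(","))
    return mounts

def exec_policy(path: str, mountinfo_text: str) -> dict:
    """Report what the mount containing `path` allows in this mount namespace."""
    mounts = parse_mountinfo(mountinfo_text)
    covering = [mp for mp in mounts
                if path == mp or path.startswith(mp.rstrip("/") + "/")]
    if not covering:
        raise ValueError(f"no mount covers {path!r}")
    mount = max(covering, key=len)  # longest prefix = innermost mount
    opts = mounts[mount]
    return {
        "mount": mount,
        "can_exec": "noexec" not in opts,        # noexec blocks execution outright
        "setuid_honoured": "nosuid" not in opts,  # nosuid only ignores setuid/setgid bits
    }

if __name__ == "__main__":
    target = "/system/xbin/example"  # hypothetical setuid binary path
    for name, view in (("init view", INIT_VIEW), ("app view", APP_VIEW)):
        print(name, exec_policy(target, view))
```

To inspect a live process instead of the samples, pass the contents of /proc/<pid>/mountinfo as the second argument.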