Wednesday, February 1, 2012

Nastiest Hack I've Seen In Awhile


I was reading about SL4A, also known as Android Scripting Languages. They are a set of quick-and-dirty ports of programming languages to the Android that interact with the Android OS. I just stumbled upon this "issue page" (it's more like a forum than a bug report).

The developer is trying to run something on his Android, which is basically Linux, that requires superuser permissions. As the responses started to build upon each other, one user suggested starting his shell script with the following lines (the actual posting was in Android's flavor of Python but I've converted it to bash(1) to make it more accessible):




#!/bin/sh
if [ "$USER" != "root" ]; then
    exec sudo $SHELL -c "`cat /proc/$$/cmdline | tr '\000' ' '`" root
fi


I simply couldn't help being entertained at how revolting but equally brilliant that code is. But, I started thinking (always something dangerous) about how much I hate having to deal with stupid commands. For example, this is the output of running apt-get(8) without proper permission:




$ apt-get install foobar
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?


Being as I often write shell scripts with calls to sudo(8) in the script, I decided that imitation is the best response to being revolted (I know my mom said something like that :-).

So I expanded upon the existing code, making it a full shell script utility. You can look the code or grab a copy at my GitHub page in the rerunasroot repository. I'll be using it in the future.