Jailbreak/Installer.app developers: Fix this mess, please.
Posted February 16th, 2008 at 7:49 pm by Ste
Prior to the 1.1.3 firmware, everything was installed as, and ran as, root. Following good UNIX practices, I installed apps with the following permissions: 755 for directories and executable files; 644 for all else. I held developers to this standard, too.
Now, with 1.1.3, we have multiple, competing, dissimilar jailbreak methods. Owner and group settings are not consistent between them, nor do they behave the same. This is causing havoc for app developers and me. Some examples:
“Nate’s” jailbreak:
- /var/mobile is a symbolic link to /var/root, which is owner:group root:wheel
- Files installed under /var/mobile by Installer.app are created root:wheel
- If you run “id” as mobile, you get: uid 0 (root), gid 0 (wheel), groups 0 (wheel)
- Applications run as root
ziphone jailbreak:
- /var/root is root:wheel
- /var/mobile is mobile:wheel
- Files installed under /var/mobile by Installer.app are created root:wheel
- If you run “id” as mobile, you get: uid 501 (mobile), gid 501 (mobile), groups (501)
- Applications run as mobile
“Official” jailbreak:
- /var/root is root:wheel
- /var/mobile is mobile:mobile
- Files installed under /var/mobile by Installer.app are created root:mobile
- If you run “id” as mobile, you get: uid 501 (mobile), gid 501 (mobile), groups (501)
- Applications run as mobile
Problems arise, as neither application developers nor I know which jailbreak method a user has chosen to use.
With “Nate’s” jailbreak method, the 755/644 permissions were still fine, as everything was owned by, and running as, root.
Then, to support the “Official” jailbreak method, I had to change the permissions on files and directories I installed under /var/mobile to 775/664. The files were owned by root and couldn’t be written to by mobile. However, since their group ownership was mobile, I was able to get things working by allowing group write.
Now along comes ziphone. Files created by Installer.app under /var/mobile are owned by root and their group is wheel, but the app’s owner and group when run are both mobile so even 775/664 won’t allow an app to write. Now I am forced to set those files and directories to 777/666 in order for things to work correctly.
So, even though Apple is trying to create privilege separation between the root and mobile accounts, I have to throw out all separation when it comes to what can write where, when it comes to anything under /var/mobile that I install via installer.app, if the app must write there.
This issue does not arise, however, for files and directories that an app creates under /var/mobile itself. That’s because the app’s running as mobile and creates the files and directories with whatever uid/gid mobile has under that jailbreak.
Jailbreak developers need to standardize on what the correct uid/gid is for the mobile account and what account apps run as. Installer.app needs to make sure that when it creates files under an account, they can actually be read by, and written to by, that account.
Unfortunately, so many people have used the various jailbreaks that I can’t stand my ground against users and developers and say “X jailbreak is the correct one, and the only one I will support.”, because 1) I no longer know which is correct (does anyone? What’s your proof?) and 2) even if I did, users and developers would be in an uproar if I refused to make it work for everyone, when I clearly can, just because it’s not the right way to do it.
So, I’m left with the distasteful task of installing everything under /var/root or /var/mobile with world read/write.
Someone please fix this mess.
-ste
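The permission reasoning in the post above can be checked mechanically. This is an added example, not code from the post or from Installer.app: it models the standard UNIX write check using the owner/group and uid/gid values listed for each jailbreak, and `least_mode_if_chowned` is a hypothetical fix in which Installer hands ownership to the account the app runs as.

```python
# Added example: model of the UNIX write check for the three 1.1.3 layouts.
# Owner/group/uid/gid values come from the post's lists; names are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class Layout:
    name: str
    file_uid: int        # owner Installer.app gives files under /var/mobile
    file_gid: int        # group Installer.app gives those files
    app_uid: int         # uid the application runs with
    app_gids: frozenset  # groups the application runs with

ROOT, WHEEL, MOBILE = 0, 0, 501

LAYOUTS = [
    Layout("Nate", ROOT, WHEEL, 0, frozenset({0})),
    Layout("ziphone", ROOT, WHEEL, 501, frozenset({501})),
    Layout("Official", ROOT, MOBILE, 501, frozenset({501})),
]

def can_write(mode, file_uid, file_gid, uid, gids):
    """Root bypasses the check; otherwise exactly one permission class applies."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & 0o200)   # owner class
    if file_gid in gids:
        return bool(mode & 0o020)   # group class
    return bool(mode & 0o002)       # other class

def least_mode(layout, candidates=(0o755, 0o775, 0o777)):
    """Tightest directory mode from the post that still lets the app write."""
    for mode in candidates:
        if can_write(mode, layout.file_uid, layout.file_gid,
                     layout.app_uid, layout.app_gids):
            return mode
    return None

def mode_for_all(layouts):
    """A single package must work everywhere, so the loosest requirement wins."""
    return max(least_mode(l) for l in layouts)

def least_mode_if_chowned(layout):
    """Hypothetical fix: files are owned by the uid/gid the app runs as."""
    fixed = Layout(layout.name, layout.app_uid, min(layout.app_gids),
                   layout.app_uid, layout.app_gids)
    return least_mode(fixed)

if __name__ == "__main__":
    for l in LAYOUTS:
        print(f"{l.name:9} needs {least_mode(l):o}, "
              f"chowned needs {least_mode_if_chowned(l):o}")
    print(f"all layouts together: {mode_for_all(LAYOUTS):o}")
```

The model makes the cost visible: ziphone alone forces the other-write bit, while consistent ownership would let every layout keep 755.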
February 16th, 2008 at 8:32 pm
If I’m reading this right, making ziphone’s install write as root:mobile would at least reduce you to two separate methods, right? It should be easy enough to drop the g+s from Installer for ziphone. That leaves you with “Nate versus the World”.
Is that helpful?
February 17th, 2008 at 9:24 am
I think ziphone would be the best solution. Their way is the easiest so far, Jailbreak and unlock in 3 minutes..
Though I haven’t tried it myself, because I don’t want to update until this mess is cleaned up, I’ve read that ziphone is the Schit.
Cheers!
February 17th, 2008 at 1:30 pm
While not fully thought through, the answer seems to be that Installer needs to change to accommodate 1.1.3 and applications living as ~mobile. Most apps should just get installed in ~mobile, with mobile/mobile as the user/group.
That said, what about when Installer needs to drop a file into a directory outside of the ~mobile directory tree? This suggests that Installer should be able to set ownership. Or, in other words, Installer runs as root with this new capability.
On this latter point I’m betting Apple will not allow anything outside of ~mobile via their installation scheme.
February 18th, 2008 at 10:00 am
[...] - one thing is worth saying: all of these methods differ slightly from one another. The result is, of course, informational chaos and also serious problems with [...]
February 25th, 2008 at 6:55 pm
Hi,
I have been bothered by this for quite some time now… and I still have not found a solution for this..
I thought that setting everything to 777 would solve it.. but it doesn’t look like it. It crashes for some users with a spinning wheel… mostly for ziphone users… do you have a solution for this?
It happens right after installation.. when exiting Installer. My programs are installed in /Applications .. with some files to read/write in ~/Library/Preferences/foldername
May 18th, 2008 at 12:02 am
[...] Edit: I gave up on this. See this article and you’ll have an idea of why I gave up: Jailbreak/Installer.app developers: Fix this mess, please. [...]