Running GUI app from root user on iOS 10.1.1?

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Postby c69c73 » Sat Dec 17, 2016 9:54 am

Hey,

I am running as root on iOS 10.1.1 using the exploit from Ian Beer.
I can run the various tools from iosbinpack64. However I don't manage to launch any GUI app. For example if I call "/private/var/containers/Bundle/Application/BF20D840-953D-4353-891E-4EAE19AC09CC/TestApp.app/TestApp", this seems to kill the shell and I am forced to reboot.

Did I miss something? I am wondering what is happening and how to solve it.
I tried to spawn the binary but this produced the same result. Should a GUI process only run under the mobile user?

Any tips? Thanks a lot!
c69c73
 
Posts: 7
Joined: Sat Dec 17, 2016 9:49 am

Re: Running GUI app from root user on iOS 10.1.1?

Postby Siguza » Sat Dec 17, 2016 8:00 pm

Does the syslog show anything?
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am

Re: Running GUI app from root user on iOS 10.1.1?

Postby c69c73 » Sat Dec 17, 2016 9:29 pm

I don't see anything interesting in the syslog.
c69c73
 
Posts: 7
Joined: Sat Dec 17, 2016 9:49 am

Re: Running GUI app from root user on iOS 10.1.1?

Postby c69c73 » Sun Dec 18, 2016 2:26 pm

I solved my problem. The bash shell is waiting for the process to finish. When you start a GUI app, posix_spawn times out and the shell seems to go into a bad state.
The solution was to create my own command line tool which launches the GUI app using posix_spawn without waiting for the child process.
c69c73
 
Posts: 7
Joined: Sat Dec 17, 2016 9:49 am

Re: Running GUI app from root user on iOS 10.1.1?

Postby morpheus » Tue Dec 20, 2016 3:04 pm

The model of spawning apps in iOS is that launchd is expected to be the one launching; if you do that, however, Beer's sandbox escape won't work. posix_spawning yourself is definitely the better approach, because the app you spawn will then not be sandboxed. A simple workaround is to "&", which will make the shell not wait.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm
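
The approach described in the two posts above (a launcher that calls posix_spawn and returns without waiting on the child), as an added example that is not code from the thread or its participants. The helper name `spawn_detached`, the /dev/null redirection and the separate process group are assumptions of this sketch, not details given in the posts.

```c
#include <fcntl.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Hypothetical helper: start `path` and return at once, without waitpid().
 * Returns 0 and stores the child's pid, or an errno value on failure. */
int spawn_detached(const char *path, char *const argv[], pid_t *pid_out)
{
    posix_spawn_file_actions_t fa;
    posix_spawnattr_t attr;
    int rc;
    if ((rc = posix_spawn_file_actions_init(&fa)) != 0)
        return rc;
    if ((rc = posix_spawnattr_init(&attr)) != 0) {
        posix_spawn_file_actions_destroy(&fa);
        return rc;
    }
    /* Detach stdio from the terminal so the child does not hold the shell's tty. */
    posix_spawn_file_actions_addopen(&fa, 0, "/dev/null", O_RDONLY, 0);
    posix_spawn_file_actions_addopen(&fa, 1, "/dev/null", O_WRONLY, 0);
    posix_spawn_file_actions_addopen(&fa, 2, "/dev/null", O_WRONLY, 0);
    /* Own process group: signals sent to the shell's group skip the child. */
    posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETPGROUP);
    posix_spawnattr_setpgroup(&attr, 0);
    rc = posix_spawn(pid_out, path, &fa, &attr, argv, environ);
    posix_spawnattr_destroy(&attr);
    posix_spawn_file_actions_destroy(&fa);
    return rc; /* no waitpid(): the caller may exit; the child is then reparented */
}

int main(int argc, char *argv[])
{
    pid_t pid;
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/binary [args...]\n", argv[0]);
        return 2;
    }
    int rc = spawn_detached(argv[1], &argv[1], &pid);
    if (rc != 0) {
        fprintf(stderr, "posix_spawn: %s\n", strerror(rc));
        return 1;
    }
    printf("started pid %d\n", (int)pid);
    return 0;
}
```

Because the launcher exits right after the spawn, the shell that invoked it gets its prompt back immediately, which is the same effect the "&" workaround has.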

Re: Running GUI app from root user on iOS 10.1.1?

Postby c69c73 » Tue Dec 20, 2016 5:05 pm

The "&" workaround is indeed a simple solution for testing. Thanks!
c69c73
 
Posts: 7
Joined: Sat Dec 17, 2016 9:49 am

