[SailfishDevel] Where did devel-su come from and what's its purpose?

[Bernd Wachter]

Mehdi El Gueddari <mehdi at tickmeet.com> writes:

> I'm been googling long and hard but haven't been able to find much
> information about the 'devel-su' command, beyond the fact that it's the
> command to use on Sailfish to switch to the root user. I also couldn't find
> the source code for it anywhere.

I'm the author, and the source is (currently) not open. It is on the
list of stuff I'd like to see opened up when I have time for that,
though. It's one of those small utilities you can easily write during
your lunch break, if you have a basic understanding of UNIX concepts.

> If there is someone with more insider knowledge here, I'd love to hear
> about where this command came from and how it differs from 'su'.
>
> The first mentions of 'devel-su' I've been able to find were from 2011 in
> relation to MeeGo. I couldn't find any information about why this command
> was created for MeeGo though. It may have been related to MeeGo's security
> platform Aegis (part of the Mobile Simplified Security Framework it seems)
> but there's precious little information about Aegis or MSSF out there.
>
> Back in the Meego days, 'devel-su' would let you switch to, quite
> literally, a developer super user account, which had more privileges than a
> normal user but wasn't quite root (or at least it seems that way from the
> few user complaints I could find).

This devel-su did indeed have ties to aegis, and it let you do
everything not explicitely prevented by aegis settings. Aegis blocked
several useful things, which caused the annoyance.

The Sailfish devel-su only shares the name -- it was chosen to have it
easily discoverable for developers coming from MeeGo/Harmattan, but was
written from scratch. It's available as su-devel as well to make it
better discoverable for people without MeeGo background.

> Sailfish is very different however. There's no Aegis there. The 'devel-su'
> command lets you switch to the real root user and gives you full root
> access to your device. In fact, once you're root, you can just reset the
> root user password (which appears to not be set or be set to a random value
> by default) and then just use the 'su' command normally instead of
> 'devel-su' (
> https://together.jolla.com/question/30565/howto-using-su-instead-of-devel-su/
> ).
>
> So why 'devel-su' then?
>
> AFAICS, one difference between 'su' and 'devel-su' is that 'devel-su'
> checks the password set in the device's Developer Mode settings instead of
> using the normal root password. So you can disable root login via
> 'devel-su' or change the 'devel-su' password there.

To be more precise, the settings page sets the password for the nemo user,
and devel-su authenticates using the users password, instead of the root
password, as used by su. Reason for that setup is just to be as paranoid
as possible when it comes to access of your device, which includes a
disabled root user. You're free to do whatever you want with your
device, though.

The other question which might come up would be "why not sudo": Back
when we were building the phone sudo did not work very well with
systemd. Additionally it's pretty complex, easy to break, and had its
share of exploits. devel-su is about 150 lines, including boilerplate,
so quite easy to audit.


Bernd