Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ah, but how does this Superuser.apk achieve root privileges? By calling the setuid root `su` program, you say.

And how does this setuid root program actually gain root privileges? Why, the OS is able to execute arbitrary code with arbitrary privileges, and it makes an exception for `su`.

Wait... so Android could run processes with root privileges without asking you? Whoa!

Now consider that adbd on a rooted device runs with root privileges...



Jumping to conclusions, are we?

Superuser.apk does not achieve root privileges and su does not blindly run your program with root privileges. su asks superuser.apk, if your program is allowed to run as root and only when superuser.apk agrees (and displays toast), then your program is run.

Also, the arbitrary privileges are reserved for setuid programs, which is not easy to achieve. Basically, su and Superuser.apk are gatekeepers to uid 0, which short of bugs, you can't get around.

Also, did you know, that you can disable adbd? Or remove root privileges from it?


You forget that init executes as root, and is therefore able to spawn root children.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: