gnuroot icon indicating copy to clipboard operation
gnuroot copied to clipboard

Published 20 hours ago verified publisher icon corbinlc

Knox problem

Open gadrael opened this issue 10 years ago • 8 comments

On my Samsung galaxy note 10.1 (P605) gnuroot is getting blocked by knox, accused of trying to access system without permission (during apt-get, and after trying to ping - here I get message: setuid: Permission denied)

gadrael avatar Apr 04 '14 08:04 gadrael

This is not a knox issue. Knox errors are different and will show up as pop-ups. Does apt-get work in general when running as fake root? What specifically doesn't work with apt-get (please provide command attempted)? As for ping, I will look into this one. Btw.. most android devices have a built in ping but, of course, it would be nice to have the standard version of ping that is part of your chroot work.

corbinlc avatar Apr 13 '14 05:04 corbinlc

@corbinlc, it is not possible to get ping working under GNURoot because it requires privileges to forge "low-level" network packets. The Linux kernel does not allow ptraced programs to raise their privileges for security reasons, unless the ptracer (PRoot) is executed as root (for real).

cedric-vincent avatar Apr 13 '14 06:04 cedric-vincent

When I start wheezyx, I get knox alert "GNURoot attempted to access system on your device without authorisation. This attempt has been blocked.". Shell starts and i am logged in as (fake)root. Then I try "apt-get update", knox sends the same alert, and apt-get tries to connect servers, but can't resolve name in dns (probably access to network is blocked - it waits till timeout).

gadrael avatar Apr 30 '14 11:04 gadrael

It turned out that knox alerts and dns problems are not connected. By default resolv.conf is set to google dns, but in my network external dnses are blocked. I should have checked it in the beginning, but I assumed that it uses the same dns as android, my mistake :)

gadrael avatar May 05 '14 09:05 gadrael

Is there a solution? I am using th same model and encountered the same problem

rongcuid avatar Nov 02 '14 01:11 rongcuid

Not exactly the same, I don't get permission problems, I just cannot connect

rongcuid avatar Nov 02 '14 01:11 rongcuid

As for "By default resolv.conf is set to google dns" I've been using GNUroot Debian, and I had the impression my network's configured DNS was used until I upgraded GNUroot Debian recently.

Perhaps, I don't remember correctly the previous DNS settings though...

imz avatar Dec 11 '16 16:12 imz

ping request from samsung protected with knox vs a regular android device device router config

192.168.100.3 is Samsung galaxy s8+ #protected with #KNOX 192.168.100.6 is an android device owned by TECNO company # not KNOX protected

i recently was trying device configurations and security practices, on the above two images, compare the router configuration and the cmd PING request, it appears that samsung devices that are protected by KNOX do not accept PINGs from netwoked devices in the same network, it might therefore be protection from samsung knox as the other android device i was pinging returned normal string packets and the TTL(Time To Live) from the packet hops

mwaz avatar Jul 29 '17 07:07 mwaz