On Mon, Jan 3, 2011 at 3:06 PM, Arno Steffen <[email protected]> wrote: > Thanks for quick help! > > I updated busybox with latest stable version by compile and cp via ftp > to /usr/bin > Then I did an "./busybox --install -s" to create the new links. > > I did a "chmod 4755 /bin/busybox" -> login works. > As sudo is not implemented in my system (and not part of busybox) and > a new user is to uncomfortable your 3rd approach looks best. > > I checked here > u...@ubu:/opt/src/busybox-1.18.1$ find . | xargs grep BB_SUID_DROP | grep halt > ./include/applets.h:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP)) > ./include/applets.h:IF_HALT(APPLET_ODDNAME(poweroff, halt, > _BB_DIR_SBIN, _BB_SUID_DROP, poweroff)) > ./include/applets.h:IF_HALT(APPLET_ODDNAME(reboot, halt, _BB_DIR_SBIN, > _BB_SUID_DROP, reboot))
include/applets.h is a generated file. You do not need to touch it. > ./init/halt.c://applet:IF_HALT(APPLET(halt, _BB_DIR_SBIN, _BB_SUID_DROP)) > ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(poweroff, halt, > _BB_DIR_SBIN, _BB_SUID_DROP, poweroff)) > ./init/halt.c://applet:IF_HALT(APPLET_ODDNAME(reboot, halt, > _BB_DIR_SBIN, _BB_SUID_DROP, reboot)) > > I guess I have to replace BB_SUID_DROP in all 6 lines. > There is just one open question: What is the disadvantage or > side-effect of setting busybox to be setuid. None I know of. Most applets drop suid privileges immediately. Setting busybox suid root is a standard practice, otherwise some programs (login, traceroute, su, mount) will not work for non-root users. -- vda _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
