On Mon, Jan 17, 2011 at 6:38 PM, David Collier
<[email protected]> wrote:
> I have the following set-up
>
> $ ls -l /bin/busybox
> -rwsr-xr-x 1 root root 376108 2008-09-07 23:29 /bin/busybox
>
> $ ls -l /bin/date
> -rwsr-xr-x 1 root root 55052 2008-04-04 14:22 /bin/date
>
> if I login as web, I can change the date with "date", but if I do
> "busybox date" it comes back with
>
> date: cannot set date: Operation not permitted
Which is good.
Otherwise, busybox cp /my/file /etc/passwd would work too.
> Can anyone suggest why I've failed to get busybox to adopt root user and
> do the job?
Because of this in libbb/appletlib.c:
static void check_suid(int applet_no)
{
...
if (APPLET_SUID(applet_no) == _BB_SUID_REQUIRE) {
/* Real uid is not 0. If euid isn't 0 too, suid bit
* is most probably not set on our executable */
if (geteuid())
bb_error_msg_and_die("must be suid to work properly");
} else if (APPLET_SUID(applet_no) == _BB_SUID_DROP) {
HERE => xsetgid(rgid); /* drop all privileges */
HERE => xsetuid(ruid);
}
}
date is _BB_SUID_DROP applet.
--
vda
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
