In article <[email protected]>, [email protected] (Harald Becker) wrote:
> *From:* Harald Becker <[email protected]>
> *To:* [email protected]
> *CC:* [email protected], [email protected]
> *Date:* Tue, 18 Jan 2011 13:11:09 +0100
>
> Hallo David!
>
> > I've heard of stuff like wheel, but as far as I can see that doesn't
> > help.... you never become "real root"
> If you run a program suid root you can get real user root using
> setresuid() function and do an exec to run another program with full
> root permissions. That is, how most of those (unexpected) back doors
> work (happen).

Thanks - I had skipped that detail in my memory.. the original programmer really never got to grips with it all.

I see the busybox exe does do that - but if my C prog is to get root and start a shell which can spawn vpn, PPP and do ifconfig I need to make sure my code does too.

> Hint: Setup a daemon on your system listening on a tcp/udp socket of
> localhost address or a unix domain socket. Run a small stub program as
> part of your web page access to contact your local system daemon (I got
> that working in the past, using shell scripts and netcat). Let your
> daemon (running as root) do any required work or (better) run any
> required program to do the requested work with the least possible user
> privileges.
>
> busybox has tcpsrvd which works fine as daemon in that situation running
> (another) busybox shell script to do the work (accepting commands from
> the stub using read built-in and responding using echo built-in). Doing
> it that way and using netcat from a shell CGI script you do not need to
> write any extra code beside busybox :-) ... ok, it's slow and requires a
> lot of memory for those requests, but it works if you have those
> resources. Memory is always reclaimed after processing of the request
> (daemon script exits, tcpsrvd respawns on next request).
>
> --
> Harald

Harald,

That sort of thing is indeed the only "proper" solution to what my programmer was trying to do.
slow is not an issue - there's plenty of CPU available!

thanks

-------

I have to implement a "quick fix", and then later a "do it properly"

I think I'll remove the test for "_BB_SUID_DROP" and create a custom busybox as my quick fix.

We don't have a big security issue, as this web page is only accessible after logging into a central server. And frankly it's just a data logger, so why would anyone want to breach its security ?!?!

David
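
The daemon side of the split Harald's hint describes (a root helper that reads one command with `read` and answers with `echo`), as an added example that is not part of the original thread or of busybox. The request names `ppp-up` and `if-status`, the interface set and the PPP peer name `datalogger` are assumptions made for illustration; the point is that the web-facing stub can only pick from fixed actions and never supplies text that reaches a shell.

```shell
#!/bin/sh
# Added example. Request names and the PPP peer name are assumptions.
DRY_RUN=${DRY_RUN:-1}   # 1 = report the command instead of running it

# Run a fixed argv; client text never reaches eval or "sh -c".
run_action() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "OK would run: $*"
    else
        "$@" >/dev/null 2>&1 && echo "OK" || echo "ERR action failed"
    fi
}

# Interface names come from a fixed set, not from the client.
valid_iface() {
    case "$1" in
        eth0|ppp[0-9]|tun[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Read one request line on stdin (the socket), answer on stdout.
handle_request() {
    IFS= read -r line || [ -n "$line" ] || { echo "ERR empty request"; return 1; }
    line=$(printf '%s' "$line" | tr -d '\r')
    # Anything outside letters, digits, space, "_" and "-" is refused.
    leftover=$(printf '%s' "$line" | tr -d 'A-Za-z0-9 _-')
    [ -z "$leftover" ] || { echo "ERR bad characters"; return 1; }
    set -f              # no globbing while splitting the request
    set -- $line
    set +f
    case "${1:-}" in
        ppp-up)
            [ $# -eq 1 ] || { echo "ERR usage"; return 1; }
            run_action pppd call datalogger ;;   # hypothetical peer name
        if-status)
            [ $# -eq 2 ] && valid_iface "$2" || { echo "ERR bad interface"; return 1; }
            run_action ifconfig "$2" ;;
        *)
            echo "ERR unknown request"; return 1 ;;
    esac
}
```

Run once per connection by the listener, the script would end with a call to `handle_request`; with `DRY_RUN=0` it executes the mapped command instead of reporting it.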
