On Mon, Sep 30, 2013 at 08:30:01AM +1000, Ryan Mallon wrote: > The wall applet is setuid and currently does no checking of the real > user's read access to the message file. This allows the wall applet > to be used to display files which are not readable by an > unprivileged user. For example: > > $ wall /etc/shadow > $ wall /proc/vmallocinfo > > Fix this issue by introducing the same check as used by the > util-linux version of wall: only allow the file argument to be used > if the user is root, or the real and effective uid/gids are equal.
No, the fix is to make it so wall is not one of the suid applets. There is no reason whatsoever for wall to be suid. Users who want wall messages are supposed to make their terminal world-writable. Users who don't (i.e. anyone sane) makes their terminal non-world-writable. Idiotic bugs like this (utilities which have no business being suid getting treated as one of the suid cases) are why I recommend not even using the busybox suid feature at all, or at least making a separate busybox binary with only the should-be-suid applets compiled in. Rich _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
