On Thursday 09 January 2014 15:07:23 Laurent Bercot wrote:
>
> >> making ping suid in the context of busybox basically means "make the
> >> entire busybox binary suid" and that is definitely a bad idea (an
> >> example that comes to mind is the wall vulnerability discovered
> >> recently).
> > Hi,
> > Busybox drops suid privileges for applets that don't require it
> > even before the applet code is called.
>
> I never understood all the fuss about that or the chosen
> Busybox solution. Gaining privileges is the single most dangerous
> thing in Unix; gaining privileges then dropping them if you didn't
> need them after all is playing with fire for no reason.
>
> Here is what I do:
>
> * make a single busybox binary with all the applets I need. My
> busybox binary is NEVER setuid.
> * compile a separate small C program that tests whether
> `basename $0` is in a list of accepted words, and if it is the
> case, execs into "/bin/busybox `basename $0` $@". Make that separate
> binary setuid root.

Hi,
basename is a link to which one of the busybox binaries?

Ciao,
Tito

> * the utilities that need to be setuid root are symlinks to that
> binary, the other ones are direct symlinks to busybox.
>
> This solution makes me trust 4 lines of code instead of the
> whole busybox binary, and privileges are only gained if they
> are really needed. Sure, I have to edit the list of setuid applets
> in an additional place; this is a small price to pay for
> correctness.
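
The launcher described in the quoted message, written in C as an added example (not code from either poster or from the BusyBox project). The applet list, the fixed environment and the exit codes are assumptions; the applet name is taken from argv[0] inside the process, so no external basename program is run.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUSYBOX "/bin/busybox"   /* path of the non-setuid binary, as in the message */

/* Applets allowed to run through the setuid launcher (assumed list). */
static const char *const suid_applets[] = { "ping", "ping6", "su", "passwd", NULL };

/* Return the last path component of argv0 if it is an allowed applet name,
 * otherwise NULL. Exact string match only; nothing is passed to a shell. */
const char *allowed_applet(const char *argv0)
{
    if (argv0 == NULL)               /* a caller of execve() may pass an empty argv */
        return NULL;
    const char *name = strrchr(argv0, '/');
    name = name ? name + 1 : argv0;
    for (size_t i = 0; suid_applets[i] != NULL; i++)
        if (strcmp(name, suid_applets[i]) == 0)
            return name;
    return NULL;
}

int main(int argc, char **argv)
{
    /* Assumed hardening, not in the original message: a fixed environment,
     * so nothing from the caller's environment crosses the privilege boundary. */
    static char *const clean_env[] = { "PATH=/bin:/sbin:/usr/bin:/usr/sbin", NULL };
    const char *applet = allowed_applet(argc > 0 ? argv[0] : NULL);

    if (applet == NULL) {
        fprintf(stderr, "suid launcher: applet not permitted\n");
        return 126;
    }
    /* Build: /bin/busybox <applet> <original arguments...> */
    char *nargv[argc + 2];
    nargv[0] = "busybox";
    nargv[1] = (char *)applet;
    for (int i = 1; i < argc; i++)
        nargv[i + 1] = argv[i];
    nargv[argc + 1] = NULL;

    execve(BUSYBOX, nargv, clean_env);
    perror("execve " BUSYBOX);       /* reached only if the exec failed */
    return 127;
}
```

Only this binary carries the setuid bit; names outside the list are refused before any exec happens.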
