On Thu, Jan 09, 2014 at 02:04:12PM +0100, Tito wrote:
> On Thursday 09 January 2014 13:35:59 John Spencer wrote:
> > Denys Vlasenko wrote:
> > > On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
> > > <[email protected]> wrote:
> > >> i've been able to get the SOCK_DGRAM stuff to work with a little help of
> > >> Vasily, author of the kernel patch.
> > >>
> > >> see attached proof-of-concept patch.
> > >> i'm aware that it doesn't use xbind() and other busybox replacement funcs.
> > >> getting it into a more busybox-ish shape is something i leave as a task for
> > >> someone more familiar with the busybox internals.
> > >>
> > >> note that i didn't test if the added getsockopt calls are strictly needed, i
> > >> added them because they were in the original iputils patch.
> > >>
> > >> in general the following differences exist between SOCK_RAW and SOCK_DGRAM
> > >> handling:
> > >>
> > >> 1) the received packet is a raw icmp packet, not an IP one, so it lacks the
> > >> header and is shorter.
> > >> 2) the ident (myid) of the packet is sin(6)_port of the sockaddr struct
> > >> after doing a bind() and getsockname() on the dgram socket.
> > >>
> > >> the patch works for both "fancy" ping(6), and "non-fancy" ping(6) (the
> > >> latter just sends one packet and displays whether it was successful or not,
> > >> without further info).
> > >
> > > This seems to lead to a significantly larger code.
> > >
> > > Making ping suid wasn't such a big problem before, so
> > > why should we have all these complications now?
> > >
> >
> > making ping suid in the context of busybox basically means "make the
> > entire busybox binary suid" and that is definitely a bad idea (an
> > example that comes to mind is the wall vulnerability discovered
> > recently).
> Hi,
> Busybox drops suid privileges for applets that don't require it
> even before the applet code is called.

This is not entirely true. Some apps, such as the infamous vulnerable wall, are in the list that "require" it even though, from a standpoint of sanity, wall should not have suid-root and should be restricted to use by only root and group-tty users.

Rich
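
The two SOCK_RAW / SOCK_DGRAM differences listed in the quoted message, as an added example that is not part of the thread or of the busybox patch: a reply matcher that skips the IP header only for raw sockets and compares the ICMP ident against a caller-supplied `myid`. The names `sock_kind` and `match_echo_reply` and the sample packet are constructed for illustration, and IPv4 only is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not busybox identifiers. */
enum sock_kind { KIND_RAW, KIND_DGRAM };
#define ECHO_REPLY 0   /* ICMPv4 echo reply type */
#define ICMP_HDR   8   /* type, code, checksum, id, seq */

/* Constructed sample: 20-byte IPv4 header followed by an ICMP echo reply
 * (id 0x1234, seq 7). Checksums are zero and not verified here. */
static const uint8_t sample_raw[28] = {
    0x45, 0, 0, 28,  0, 0, 0, 0,  64, 1, 0, 0,  127, 0, 0, 1,  127, 0, 0, 1,
    0, 0, 0, 0,  0x12, 0x34,  0x00, 0x07
};

/* Returns 1 for an echo reply carrying our ident, 0 for any other
 * well-formed packet, -1 for a truncated or malformed buffer. myid is host
 * order; for SOCK_DGRAM pass ntohs(sin_port) from getsockname() (point 2). */
int match_echo_reply(enum sock_kind kind, const uint8_t *buf, size_t len,
                     uint16_t myid, uint16_t *seq_out)
{
    size_t off = 0;
    if (kind == KIND_RAW) {            /* buffer starts with the IP header */
        if (len < 20 || (buf[0] >> 4) != 4)
            return -1;
        off = (size_t)(buf[0] & 0x0f) * 4;   /* IHL in 32-bit words */
        if (off < 20)
            return -1;
    }                                  /* KIND_DGRAM: ICMP header at offset 0 */
    if (len < off || len - off < ICMP_HDR)
        return -1;
    const uint8_t *icmp = buf + off;
    if (icmp[0] != ECHO_REPLY)
        return 0;
    if ((uint16_t)((icmp[4] << 8) | icmp[5]) != myid)
        return 0;
    if (seq_out)
        *seq_out = (uint16_t)((icmp[6] << 8) | icmp[7]);
    return 1;
}

int main(void)
{
    uint16_t seq = 0;
    int r = match_echo_reply(KIND_DGRAM, sample_raw + 20, 8, 0x1234, &seq);
    printf("dgram: %d seq=%u\n", r, (unsigned)seq);
    return 0;
}
```

Parsing a raw-socket buffer with the datagram rule (or the reverse) makes the matcher reject its own replies, which is why the receive path has to know which socket type it opened.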
