[OE-core] busybox: passwd: applet not found
Laszlo Papp
lpapp at kde.org
Wed May 20 14:58:28 UTC 2015
On Wed, May 20, 2015 at 3:54 PM, Burton, Ross <ross.burton at intel.com> wrote:
>
> On 20 May 2015 at 15:50, Laszlo Papp <lpapp at kde.org> wrote:
>>
>> Currently, I do not see any simple way without #ifdef jungle in the
>> code around to it. It is not nice.
>
>
> Looking at the busybox recipe reveals this:
>
> # Whether to split the suid apps into a seperate binary
> BUSYBOX_SPLIT_SUID ?= "1"
>
> Just remember that the suid apps were being split out for good security
> reasons. There's no need for sed to have suid rights!
I will not argue about security measure improvements as I agree about
them with you. However, I will debate the way this security measure is
implemented. It is distraction from the desktop world where you can
also use busybox and many use. Now, all of a sudden, we have to handle
them differently in code and scripts.
I think a less intrusive approach to implement this could have been
(and probably still not late) is to fix the rights underneath and not
by such wrappers. Such wrappers will introduce this disruption which
is not strictly needed. Well, you could say that if desktop
distributions also implement it like this, then there is no
disruption, but I think that is never going to happen if busybox
itself does not enforce it.
I think this is not a good implementation for security to remain
consistent with the rest of the world. Could it be please reconsidered
towards another solutions?
It is also good if one call tell me how to solve this differentiation
between desktop and Yocto without further code.
More information about the Openembedded-core
mailing list