[OE-core] busybox: passwd: applet not found

[Laszlo Papp]

On Wed, May 20, 2015 at 3:58 PM, Laszlo Papp <lpapp at kde.org> wrote:
> On Wed, May 20, 2015 at 3:54 PM, Burton, Ross <ross.burton at intel.com> wrote:
>>
>> On 20 May 2015 at 15:50, Laszlo Papp <lpapp at kde.org> wrote:
>>>
>>> Currently, I do not see any simple way without #ifdef jungle in the
>>> code around to it. It is not nice.
>>
>>
>> Looking at the busybox recipe reveals this:
>>
>> # Whether to split the suid apps into a seperate binary
>> BUSYBOX_SPLIT_SUID ?= "1"
>>
>> Just remember that the suid apps were being split out for good security
>> reasons.  There's no need for sed to have suid rights!
>
> I will not argue about security measure improvements as I agree about
> them with you. However, I will debate the way this security measure is
> implemented. It is distraction from the desktop world where you can
> also use busybox and many use. Now, all of a sudden, we have to handle
> them differently in code and scripts.
>
> I think a less intrusive approach to implement this could have been
> (and probably still not late) is to fix the rights underneath and not
> by such wrappers. Such wrappers will introduce this disruption which
> is not strictly needed. Well, you could say that if desktop
> distributions also implement it like this, then there is no
> disruption, but I think that is never going to happen if busybox
> itself does not enforce it.
>
> I think this is not a good implementation for security to remain
> consistent with the rest of the world. Could it be please reconsidered
> towards another solutions?
>
> It is also good if one call tell me how to solve this differentiation
> between desktop and Yocto without further code.

On a second thought: is even worse now than that, our code has to
handle _three_ different scenarios:

1) Desktop.
2) Embedded without Yocto or embedded with old Yocto.
3) Embedded with new Yocto.

I do not get excited about this.