[OE-core] busybox: passwd: applet not found
Laszlo Papp
lpapp at kde.org
Wed May 20 15:20:03 UTC 2015
On Wed, May 20, 2015 at 4:17 PM, Bernhard Reutner-Fischer
<rep.dot.nop at gmail.com> wrote:
> On 20 May 2015 at 17:09, Laszlo Papp <lpapp at kde.org> wrote:
>> On Wed, May 20, 2015 at 4:07 PM, Burton, Ross <ross.burton at intel.com> wrote:
>>>
>>> On 20 May 2015 at 16:02, Laszlo Papp <lpapp at kde.org> wrote:
>>>>
>>>> On a second thought: is even worse now than that, our code has to
>>>> handle _three_ different scenarios:
>>>>
>>>> 1) Desktop.
>>>> 2) Embedded without Yocto or embedded with old Yocto.
>>>> 3) Embedded with new Yocto.
>>>>
>>>> I do not get excited about this.
>>>
>>>
>>> Do as the documentation says in your distro and you have one scenario.
>>
>> That means compromising security. I am now looking for the ideal case
>> in the future. What is wrong about dropping the privileges in busybox
>> for undedicated processes without creating this separation?
>>
>> That would combine the convenience with security, wouldn't it?
>
> We already do that. Since June 2002. version 0.60.4
Then I cannot understand the incompatible change. If the privilege is
dropped early and the code is well-understood, then what exactly was
being solved in here for the price of incompatibility and more complex
environments across projects?
But in any case, if BUSYBOX_SPLIT_SUID=0 helps me with being
compatible while it still drops the privileges properly as intended by
busybox upstream, I guess I can go for that. I am yet to understand
the "certain users do not follow it" part. What exactly?
More information about the Openembedded-core
mailing list