[oe] tinylogin vs. busybox
Michael 'Mickey' Lauer
mickey at vanille-media.de
Wed Feb 13 13:32:42 UTC 2008
On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> Michael 'Mickey' Lauer schreef:
> | I just realized that we are still using tinylogin which has bugs and
>
> is dead.
>
> | Newer busybox releases contain all the functionality. Anyone know a
> | compelling reason to keep using tinylogin as the default in task-base? If
> | not, I'd like to switch to busybox (after changing its defconfig) soon.
>
> Using busybox as login requires it being setuid root, with all the nasty
> security implications stemming from that.
http://www.busybox.net/lists/busybox/2004-May/011551.html give me the opinion
that this is not a problem.
> I don't think OE should force
> people to only have one user ('root') on their systems, since that is
> exactly what your proposed change would mean.
I agree, but I don't see why using busybox login would limit us to root-only.
Care to give more details?
Besides, I think using something old and dead as tinylogin with known bugs is
more of a security problem than setuid root busybox...
:M:
--
Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
More information about the Openembedded-devel
mailing list