[oe] tinylogin vs. busybox
Sergey Lapin
slapinid at gmail.com
Fri Feb 15 12:25:02 UTC 2008
On Fri, Feb 15, 2008 at 2:46 PM, Michael 'Mickey' Lauer
<mickey at vanille-media.de> wrote:
> > , but frankly, I trust
> > busybox as far as I can throw a piano (and toybox as far as I can throw
> > a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> > carefull and do thorough tests before making this change.
> > The last thing we want is $bigcompany to blame OE for the exploitabilty
> > of their devices.
>
> Sure, better safe than sorry. Of course this would not be the default in
> OE.dev without being tested for quite some time.
Well, is it great idea to replace tinylogin with busybox-suid (which
should contain
carefully selected applets and properly tested)?
More information about the Openembedded-devel
mailing list