[oe] TinyLogin
Holger Schurig
hs4233 at mail.mn-solutions.de
Mon Mar 30 09:18:38 UTC 2009
> > And maybe it should be deprecated as well. With Busybox
> > 1.13.3 you won't need TinyLogin at all.
>
> You do if you don't want busybox to run setuid root.
Is this a problem? After all, busybox can drop privileges:
-------------------------------
CONFIG_FEATURE_SUID
With this option you can install the busybox binary belonging to
root with the suid bit set, and it will automatically drop
privileges for applets that don't need root access.
-------------------------------
The text goes further in case you don't trust busybox' auto-drop
capability:
-------------------------------
If you are really paranoid and don't want to do this, build two
busybox binaries with different applets in them (and the
appropriate symlinks pointing to each binary), and only set the
suid bit on the one that needs it. The applets currently marked
to need the suid bit are:
crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
traceroute, vlock.
----------------------------------
So, the paranoid thinking would make a tinylogin_1.13_3.bb file,
which has busybox 1.13.3 in its SRC_URI, select only the stuff
needed for passwd, login, su and friends and install that as
SUID.
In the meantime, I'm happy with my CONFIG_FEATURE_SUID-configured
busybox :-)
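
For the two-binary layout described in the quoted help text, a check that only the listed applets link to the setuid binary. This is an added example, not part of the original message or of the Busybox or OpenEmbedded sources; the binary names `busybox.suid` and `busybox.nosuid` and the sample rootfs are assumptions constructed for the demo.

```shell
#!/bin/sh
# Applets the quoted Busybox help text marks as needing the suid bit.
SUID_APPLETS="crontab dnsd findfs ipcrm ipcs login passwd ping su traceroute vlock"

# audit_suid_busybox ROOT: list applet symlinks under an unpacked rootfs that
# point at a setuid binary although the applet is not in SUID_APPLETS.
# Assumption: links point directly at the binary (one level is resolved).
audit_suid_busybox() {
    root=$1
    find "$root" -type l | LC_ALL=C sort | while IFS= read -r link; do
        t=$(readlink "$link") || continue
        case $t in
            /*) target=$root$t ;;                # absolute: inside the image root
            *)  target=$(dirname "$link")/$t ;;  # relative: from the link's directory
        esac
        # Only links that end at a setuid regular file are of interest.
        [ -f "$target" ] && [ -u "$target" ] || continue
        applet=$(basename "$link")
        case " $SUID_APPLETS " in
            *" $applet "*) ;;                    # expected to be setuid
            *) printf '%s -> %s\n' "${link#"$root"}" "$t" ;;
        esac
    done
}

# Constructed sample rootfs; busybox.suid / busybox.nosuid are hypothetical names.
build_demo_rootfs() {
    mkdir -p "$1/bin" "$1/usr/bin"
    : > "$1/bin/busybox.suid";   chmod 4755 "$1/bin/busybox.suid"
    : > "$1/bin/busybox.nosuid"; chmod 0755 "$1/bin/busybox.nosuid"
    ln -s /bin/busybox.suid      "$1/bin/su"
    ln -s /bin/busybox.suid      "$1/bin/vi"         # misplaced applet
    ln -s ../../bin/busybox.suid "$1/usr/bin/passwd"
    ln -s ../../bin/busybox.suid "$1/usr/bin/wget"   # misplaced applet
    ln -s /bin/busybox.nosuid    "$1/bin/ls"
}

demo=$(mktemp -d)
build_demo_rootfs "$demo"
audit_suid_busybox "$demo"
rm -rf "$demo"
```

With a single CONFIG_FEATURE_SUID binary every applet link points at the setuid file, so this check only makes sense for the split layout.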