[oe] TinyLogin
Phil Blundell
pb at reciva.com
Mon Mar 30 11:12:14 UTC 2009
On Mon, 2009-03-30 at 11:54 +0100, Holger Schurig wrote:
> > - security auditing is difficult, since the large amount of
> > code-sharing in busybox makes it hard to determine which
> > functions can potentially be called from a setuid context;
>
> Can I assume from this that you didn't actually look at busybox's
> source-code?
No, I think you misunderstood what I meant.
The difficulty isn't in determining which applets will run as setuid; as
you say, that's straightforward to determine from the source code
(although not from the binary).
The issue is that, since all the applets are linked together into one
monolithic binary, and hence have the ability in theory to call any
function in that binary, it is difficult to tell by looking at the
source code which functions might potentially be called (directly or
indirectly) by one of the setuid applets and hence would need to be
included in an audit for privilege-escalation vulnerabilities.
> Except that TinyLogin is end-of-life and won't get bugfixes from
> upstream.
Yes, that's obviously the tradeoff. Tinylogin is simple enough, though,
that fixing bugs locally would be easy enough if that became necessary.
p.
More information about the Openembedded-devel
mailing list