[oe] [PATCH] Fix busybox SUID support

Tom Rini tom_rini at mentor.com
Wed Feb 24 16:10:06 UTC 2010


On Wed, 2010-02-24 at 11:19 +0100, Marcin Juszkiewicz wrote:
> On Tuesday, 23 February 2010 at 20:02:56 Tom Rini wrote:
> > I was about to just push this and I noticed that a number of
> > distributions (SlugOS, Angstrom, Kaelios, micro) currently set
> > FEATURE_SUID=y, but it's not actually installed SUID.  And since I recall
> > some way-back-when's of "busybox SUID is dangerous / crap!", I thought
> > it best to post the patch first and let folks speak up / ask me to drop
> > FEATURE_SUID=y when I do this.  So, here's the patch:
> 
> Ok, but doesn't it require /etc/something to list which applets are allowed
> to be suid and which are not?
> 
> Hm. Checked sources. With FEATURE_SUID, suid will be active only for "crontab,
> dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su, traceroute, vlock"
> commands. /etc/busybox.conf is the CONFIG_FEATURE_SUID_CONFIG option.

To be clear, enabling one of those applets will force FEATURE_SUID to be
set.  FEATURE_SUID_CONFIG lets you configure who can run these SUID
programs.

-- 
Tom Rini <tom_rini at mentor.com>
Mentor Graphics Corporation
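
Added example (not part of the original message or of the patch): a shell check for the mismatch discussed in this thread, where a build config sets FEATURE_SUID=y but the installed busybox binary has no setuid bit. The applet list is the one quoted above; the `CONFIG_<APPLET>` symbol naming, the function names and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a BusyBox .config with the installed binary's mode.
# Applet list is the one quoted in the thread; the CONFIG_<APPLET> symbol
# names are assumed to follow BusyBox's usual upper-case naming.
SUID_APPLETS="crontab dnsd findfs ipcrm ipcs login passwd ping su traceroute vlock"

# Print the applets from SUID_APPLETS that are enabled (=y) in the config.
enabled_suid_applets() {
    cfg=$1
    out=""
    for a in $SUID_APPLETS; do
        sym="CONFIG_$(printf '%s' "$a" | tr '[:lower:]' '[:upper:]')"
        if grep -q "^${sym}=y\$" "$cfg"; then
            out="${out:+$out }$a"
        fi
    done
    printf '%s\n' "$out"
}

# Classify a config/binary pair:
#   suid-active  config enables FEATURE_SUID and the binary is setuid
#   config-only  config enables FEATURE_SUID but the binary is not setuid
#   binary-only  binary is setuid although the config lacks FEATURE_SUID
#   no-suid      neither
audit_busybox_suid() {
    cfg=$1
    bin=$2
    if grep -q '^CONFIG_FEATURE_SUID=y$' "$cfg"; then cfg_suid=1; else cfg_suid=0; fi
    if [ -u "$bin" ]; then bin_suid=1; else bin_suid=0; fi
    case "$cfg_suid$bin_suid" in
        11) echo "suid-active" ;;
        10) echo "config-only" ;;
        01) echo "binary-only" ;;
        00) echo "no-suid" ;;
    esac
}

# Stand-alone use: ./audit.sh path/to/.config path/to/busybox
if [ "$#" -eq 2 ]; then
    echo "status: $(audit_busybox_suid "$1" "$2")"
    echo "enabled applets needing suid: $(enabled_suid_applets "$1")"
fi
```

A `config-only` result is the situation described for SlugOS, Angstrom, Kaelios and micro at the time of this thread.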



