[oe] [PATCH] Fix busybox SUID support

C Michael Sundius msundius at sundius.com
Fri Feb 26 20:21:56 UTC 2010


On Fri, Feb 26, 2010 at 10:20 AM, Koen Kooi <k.kooi at student.utwente.nl> wrote:

> On 26-02-10 16:43, Mike Westerhof wrote:
> > Tom Rini wrote:
> >> I was about to just push this and I noticed that a number of
> >> distributions (SlugOS, Angstrom, Kaelios, micro) currently set
> >> FEATURE_SUID=y, but it's not actually installed SUID.  And since I recall
> >> some way-back-when's of "busybox SUID is dangerous / crap!", I thought
> >> it best to post the patch first and let folks speak up / ask me to drop
> >> FEATURE_SUID=y when I do this.  So, here's the patch:
> >
> > In the case of SlugOS, this was deliberate -- the thinking was that we
> > would let the user decide if they wanted to run busybox SUID after
> > installation.  In retrospect, that actually led to more problems than
> > good, so this change gets an ACK from me (albeit late - sorry for the
> > delay!)
>
> The same logic was applied to angstrom "let users sort it out", but I
> think this patch is a better way to go.
>
>
just to give you a heads up, we're currently working on a patch to busybox
(and we'll have an OE recipe for it too) which will allow us to currently
create two busybox executables: busybox-suid and busybox-nsuid. this way we
can have the best of both worlds. maintain suid for programs that really
require it while keeping the likes of ls and cat safe for the masses...

once it's through our internal review, we'll send it out.

mike
