[BusyBox 0000549]: Wrong SUID handling when invoking busybox binary directly

bugs at busybox.net bugs at busybox.net
Wed Jan 11 03:27:14 UTC 2006


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=549 
====================================================================== 
Reported By:                aforet
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   549
Category:                   Other
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             11-17-2005 04:42 PST
Last Modified:              01-10-2006 19:27 PST
====================================================================== 
Summary:                    Wrong SUID handling when invoking busybox binary
directly
Description: 
I'm using the following configuration file /etc/busybox.conf (rw-r--r--
root:root):
"[SUID]
tar = sx- root.users"

The Busybox binary has the SetUID bit.

When invoking the tar applet (as an unprivileged user) using the following
command line:
$ busybox tar xvf file.tar [files to pack]

Busybox first considers "busybox" as the applet name. When it tries to
handle SUID settings, since there is no matching entry for this applet in
the configuration file, it drops all its privileges (see check_suid()
function in src/applets/applets.c).

Then, it tries to look for the 2nd argument as the applet name ("tar" in
this example). This time, the applet exists, and a matching entry is found
in the configuration file, but it is too late, privileges were already
dropped during the previous round.

As a consequence, calling an applet by running the busybox binary directly
always leads to running the applet without taking into account the settings
from the configuration file.
====================================================================== 

---------------------------------------------------------------------- 
 vodz - 12-05-05 08:46  
---------------------------------------------------------------------- 
I can't reproduce this.
If /etc/busybox.conf has no line for the applet, the hardcoded suid
configuration from include/applets.h is used. This file has the MAYBE suid
option for the "busybox" applet and does not drop privileges.

---------------------------------------------------------------------- 
 landley - 01-10-06 19:27  
---------------------------------------------------------------------- 
If you're calling an applet via the "busybox" name, and you're not root,
then you shouldn't become root.  You're requesting a behavior change, and
I don't think it's a good idea. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-17-05 04:42  aforet         New Issue                                    
11-17-05 04:42  aforet         Status                   new => assigned     
11-17-05 04:42  aforet         Assigned To               => BusyBox         
12-05-05 08:46  vodz           Note Added: 0000724                          
01-10-06 19:27  landley        Status                   assigned => closed  
01-10-06 19:27  landley        Note Added: 0000921                          
======================================================================
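
Added example, not BusyBox source and not part of the original report: a
simplified C model of the sequence the reporter describes, in which the check
for the "busybox" name drops privileges before the check for "tar" runs.
The struct names, the uid 1000 and the /bin/tar link path are assumptions made
for the illustration, and credentials are plain integers (no real setuid() call).

```c
#include <stdio.h>
#include <string.h>

/* Modelled credentials (assumption: plain integers, no kernel involved). */
struct cred { int ruid, euid; };

/* One constructed [SUID] entry: applet name and the euid it may keep. */
struct suid_entry { const char *applet; int run_as; };
static const struct suid_entry conf[] = { { "tar", 0 } };  /* tar = sx- root.users */

/* Per-applet check as the report describes it: no entry => drop for good. */
static void check_suid_model(struct cred *c, const char *applet)
{
    for (size_t i = 0; i < sizeof conf / sizeof conf[0]; i++) {
        if (strcmp(conf[i].applet, applet) == 0) {
            /* An entry can only be honoured while privilege is still held. */
            if (c->euid == 0)
                c->euid = conf[i].run_as;
            return;
        }
    }
    c->euid = c->ruid;   /* irreversible: nothing later restores euid 0 */
}

/* Returns the euid the applet finally runs with for a given argv. */
static int run_model(int ruid, int argc, const char **argv)
{
    struct cred c = { ruid, 0 };          /* setuid-root binary: euid starts at 0 */
    const char *name = strrchr(argv[0], '/');
    name = name ? name + 1 : argv[0];
    check_suid_model(&c, name);           /* round 1: name the binary was called by */
    if (strcmp(name, "busybox") == 0 && argc > 1)
        check_suid_model(&c, argv[1]);    /* round 2: applet named in argv[1] */
    return c.euid;
}

int main(void)
{
    const char *direct[] = { "busybox", "tar", "xvf", "file.tar" };
    const char *linked[] = { "/bin/tar", "xvf", "file.tar" };  /* constructed path */
    printf("busybox tar ...: euid=%d\n", run_model(1000, 4, direct));
    printf("tar via link   : euid=%d\n", run_model(1000, 3, linked));
    return 0;
}
```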



