[Bug 4544] $TMPDIR lost on launching a new non-root shell instance when the SUID bit is set

bugzilla at busybox.net bugzilla at busybox.net
Mon Dec 5 03:11:20 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=4544

--- Comment #3 from Denys Vlasenko <vda.linux at googlemail.com> 2011-12-05 03:11:20 UTC ---
(In reply to comment #2)
> (In reply to comment #1)
> > Found this at http://www.win.tue.nl/~aeb/linux/hh/hh-8.html (see ***):
> > 
> Thank you for looking into this bug.
> 
> > 
> > So. The question is: do you use glibc?
> > 
> Yes, eglibc on the N900 and GNU libc on my notebook.
> 
> > I did test uclibc-based static build and $TMPDIR is not cleared there in
> > scenarios you described.
>
> I see. However, is it desirable that BusyBox's shell behaves this differently
> with different C libraries?

Of course not.

But clearing of TMPDIR is done by glibc. It's impossible to override this
action in busybox, since clearing happens *before* busybox's main() is invoked.

> It seems to me that losing environment variables when the very same user
> launches a new shell is something we do not want, even though this is not
> caused by BusyBox itself. What is your opinion about working around this
> feature of glibc (if possible)? Maybe as a configurable option of BusyBox?

Possible solution: don't set busybox as setuid.

If you must, build two bbox binaries, one with all applets which need setuid,
and one with all the rest. Shell applets should go into second one.
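
One way to check an installation against the advice above, as an added example that is not part of the original message or of BusyBox: flag a busybox binary that is setuid and also provides shell applets. It assumes the binary supports `busybox --list` and that the shell applets are named `sh`, `ash` and `hush`.

```shell
#!/bin/sh
# Added example, not BusyBox project code.
# Assumption: shell applets are named sh, ash or hush.
# Assumption: the binary supports `busybox --list` (one applet name per line).

# Read applet names on stdin, print the shell applets among them.
shell_applets_in() {
    grep -x -e sh -e ash -e hush || true
}

# audit_busybox PATH
# Returns 0 if PATH passes, 1 if it is setuid and provides shell applets,
# 2 if PATH cannot be inspected.
audit_busybox() {
    bb=$1
    if [ ! -f "$bb" ] || [ ! -x "$bb" ]; then
        echo "error: $bb is not an executable file" >&2
        return 2
    fi
    if [ ! -u "$bb" ]; then
        echo "ok: $bb is not setuid"
        return 0
    fi
    applets=$("$bb" --list) || { echo "error: $bb --list failed" >&2; return 2; }
    shells=$(printf '%s\n' "$applets" | shell_applets_in | tr '\n' ' ')
    if [ -n "$shells" ]; then
        echo "warn: $bb is setuid and provides shell applets: $shells"
        echo "      a glibc build clears TMPDIR before main() in these shells"
        return 1
    fi
    echo "ok: $bb is setuid but provides no shell applets"
    return 0
}

# Run as a script: audit the path given as the first argument.
[ "$#" -eq 0 ] || audit_busybox "$1"
```

A return value of 1 means the binary matches the setup discussed in this bug; the two-binary split suggested above would make the setuid binary pass.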
