[BusyBox] Improving Our Development Process
Matt Kraai
kraai at alumni.carnegiemellon.edu
Thu Jan 25 15:10:13 UTC 2001
On Thu, Jan 25, 2001 at 01:49:36PM +0200, Tomi Ollila wrote:
> Thursday Jan 25 12:21:38 +0300 2001 Vladimir N. Oleynik <dzo at simtreas.ru> wrote:
> > Tomi Ollila wrote:
> >
> > > Did you see `rm' in the list of suid_applets[] in my example ?
> >
> > Ok :)
> > However, root can remove this wrapper as mount and to make symlink on
> > busybox. Your idea is not safe. If perversion this code can be
> > generated from init --install :)))
>
> Actually, I could not quite follow you. How does my proposition differs
> what can be done w/ your separate wrappers. If you care to write more
> detailed reply I might understand (if necessary). What do you others think?
I wrote a similar wrapper yesterday, but upon inspection I don't
really see the point. I don't see why this approach is any more
secure than checking a per-applet flag and dropping permissions if
appropriate in busybox.c. The same search code will be present
(and, presumably, open to attack) in either case, so having a
separate applet doesn't really buy you any security...
Matt
More information about the busybox
mailing list