[BusyBox] Improving Our Development Process
Matt Kraai
kraai at alumni.carnegiemellon.edu
Fri Jan 26 02:17:00 UTC 2001
On Thu, Jan 25, 2001 at 07:31:35PM +0300, Vladimir N. Oleynik wrote:
> "Vladimir N. Oleynik" wrote:
> >
> > Matt Kraai wrote:
> > > if (applet->need_suid != TRUE) {
> > >     setuid(getuid());
> > >     setgid(getgid());
> > > }
> > >
> >
> > $ su
> > Pass: XXX
> > # rm -rf / && echo Ok
> > Ok
>
> And
> 1) Thus, a setuid-root program wishing to temporarily drop root
> privileges, assume the identity of a non-root user, and then regain
> root privileges afterwards cannot use setuid. You can accomplish this with
> the (non-POSIX, BSD) call seteuid.
I realize this. Otherwise dropping privileges would be
pointless. What tinylogin does, and what I believe is safe, is to
drop privileges if the applet does not need them (such as
logname) and not to drop them for programs which do need to run as
root (su, passwd, etc.). Once they are dropped with a setuid
call, there is no way to get them back. I don't see what the
problem with this is.
> 2) Current `root' (Not busybox) itself should solve, and whether in
> general it is necessary to have setuid `mount' (for example).
Although it would be nice for the root user to be able to change
the setuid status of different applets via chmod, it isn't worth
the space to me to have a unique tiny binary for each applet.
Matt
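
Added example, not part of the original message and not BusyBox or tinylogin code: the per-applet permanent drop discussed above, with return values checked and a test that the old IDs cannot be restored. Only `need_suid` comes from the thread; the applet table and the names `drop_privileges` and `prepare_applet` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct applet { const char *name; int need_suid; };

/* Hypothetical table; the names are the applets mentioned in the thread. */
static const struct applet applets[] = {
    { "logname", 0 }, { "su", 1 }, { "passwd", 1 },
};

/* Returns 0 only if the IDs now equal the real IDs and the old effective
 * IDs cannot be restored; -1 otherwise (caller should abort). */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    /* Group first: once the uid is dropped, setgid() may no longer work. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* setuid() clears the saved uid only when the effective uid was root,
     * so confirm that the old IDs are really out of reach. */
    if (old_euid != ruid && (setuid(old_euid) == 0 || seteuid(old_euid) == 0))
        return -1;
    if (old_egid != rgid && (setgid(old_egid) == 0 || setegid(old_egid) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* 1 = privileges kept, 0 = dropped, -1 = unknown applet or failed drop. */
int prepare_applet(const char *name)
{
    for (size_t i = 0; i < sizeof applets / sizeof applets[0]; i++) {
        if (strcmp(applets[i].name, name) != 0)
            continue;
        if (applets[i].need_suid)
            return 1;
        return drop_privileges() == 0 ? 0 : -1;
    }
    return -1;
}

int main(void)
{
    int rc = prepare_applet("logname");
    printf("logname: rc=%d euid=%d\n", rc, (int)geteuid());
    return rc == 0 ? 0 : 1;
}
```
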