[BusyBox] Improving Our Development Process

Matt Kraai kraai at alumni.carnegiemellon.edu
Fri Jan 26 15:47:47 UTC 2001


On Fri, Jan 26, 2001 at 12:42:51PM +0300, Vladimir N. Oleynik wrote:
> Matt Kraai wrote:
> > I realize this.  Otherwise dropping privileges would be
> > pointless.  What tinylogin does, and what I believe is safe, is to
> > drop privileges if the applet does not need them (such as
> > logname) and not to drop them for programs which do need to run as
> > root (su, passwd, etc.).  Once they are dropped with a setuid
> > call, there is no way to get them back.  I don't see what the
> > problem with this is.
> 
> Can be. But very strange: inverse logic. 
> And usage addition code for start all applications.
> 
> > > 2) Current `root' (Not busybox) itself should solve, and whether in
> > > general it is necessary to have setuid `mount' (for example).
> > 
> > Although it would be nice for the root user to be able to change
> > the setuid status of different applets via chmod, it isn't worth
> > the space to me to have a unique tiny binary for each applet.
> 
> Also it turns out, that your method to use is impossible generally. 
> As if there will be a desire to make one module at hardlinks it is
> impossible to apply chmod only on one/"many" binaries.
> 
> On what only shifts do not go people if only to not accept 
> another's idea. ;)

As I see it, there are two concerns you raise with integrating the
privilege dropping code into the main busybox executable.  First,
it is impossible to change which binaries are setuid without
recompiling.  Second, the code for dropping privileges is
executed by binaries that don't need to be setuid.

As far as I can tell, the second argument isn't really a big
problem.  The size difference should be pretty small, and the
speed unnoticeable.  As to the flexibility problem, I think the
cost of having a separate, unique wrapper binary for each setuid
applet is prohibitive.  A better approach, if such flexibility is
really needed, and I'm not convinced that it is, is to read a list
of setuid executables from /etc/busybox-suid or something.  That
way the administrator could change which programs are setuid
without having to pay the cost of a bunch of wrappers.

Matt
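The scheme Matt proposes above (a whitelist of setuid applets read from /etc/busybox-suid, every applet not on it dropping privileges before any applet code runs), written out as an added C example. This is not BusyBox or tinylogin code; the file format (one applet name per line, `#` comments), the function names and the sample list are assumptions of the example. The one detail worth noticing is that each setuid/setgid call is checked and the drop is verified, since a silently failed setuid() leaves the process running as root.

```c
/* Added example, not BusyBox code: a multi-call dispatcher that keeps
 * setuid-root only for applets listed in /etc/busybox-suid (path from the
 * email) and drops privilege for everything else before running it.
 * File format, function names and the sample list are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Constructed sample contents of /etc/busybox-suid for the demo. */
static const char *SAMPLE_SUID_LIST = "# applets that must stay setuid\nsu\npasswd\nmount\n";

/* Return 1 if `applet` appears as a whole line in `list`, else 0.
 * Blank lines and lines starting with '#' are ignored; a prefix match
 * ("pass" vs "passwd") does not count. */
int applet_needs_suid(const char *list, const char *applet)
{
    const char *p = list;
    size_t alen = strlen(applet);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        /* trim trailing CR / whitespace */
        while (len && (p[len - 1] == '\r' || p[len - 1] == ' ' || p[len - 1] == '\t'))
            len--;
        if (len && p[0] != '#' && len == alen && memcmp(p, applet, alen) == 0)
            return 1;
        if (!nl)
            break;
        p = nl + 1;
    }
    return 0;
}

/* Permanently drop to the real uid/gid. Returns 0 on success, -1 on
 * failure. The group is dropped first (it needs root), every call is
 * checked, and the drop is verified: once setuid() has discarded the
 * saved uid there must be no way back to root. */
int drop_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    /* If we were not root to begin with there is nothing to verify. */
    if (ruid != 0 && (geteuid() != ruid || setuid(0) == 0))
        return -1;
    return 0;
}

/* Decide the privilege state before touching any applet code.
 * Returns 0 if the applet may run, 1 if it must be refused. */
int prepare_applet(const char *applet, const char *suid_list)
{
    if (applet_needs_suid(suid_list, applet))
        return 0;                      /* stays setuid by administrator choice */
    if (drop_privileges() != 0) {
        fprintf(stderr, "busybox: cannot drop privileges for %s\n", applet);
        return 1;                      /* never run with privilege we meant to shed */
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *applet = argc > 1 ? argv[1] : "logname";
    if (prepare_applet(applet, SAMPLE_SUID_LIST) != 0)
        return 1;
    printf("%s: running with euid %u (setuid kept: %s)\n", applet,
           (unsigned)geteuid(), applet_needs_suid(SAMPLE_SUID_LIST, applet) ? "yes" : "no");
    /* ... dispatch to the applet's main here ... */
    return 0;
}
```

Run it as `./a.out su` or `./a.out logname` to see which branch is taken. Because the default is to drop, a typo in the list fails closed (the applet runs unprivileged and visibly breaks) rather than leaving something setuid by accident, which is the property the "inverse logic" buys.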