su - without password in 1.3.0

Bernhard Fischer rep.dot.nop at gmail.com
Sun Jan 14 12:38:55 UTC 2007


On Sun, Jan 14, 2007 at 12:42:45PM +0100, Tito wrote:
>On Sunday 14 January 2007 08:56, Marc Leeman wrote:
>> > Why do you need it? It works ok without config entry like this...
>> 
>> Because busybox needs to gain root someway, and in the past, it was
>> certainly done like this.
>> 
>> It works, well kind of. The problem is that it should at least ask for a
>> root password and not drop any user into a rootshell without a request
>> for a password.
>> 
>> I'll see if I have time to have a look at it next week, but as it is, we
>> cannot use busybox > 1.2.2 due to this bug :-(
>> 
>> > I did not lern yet busybox.conf format, I suppose
>> > there may be a mistake in your line (so that su thinks
>> > that it runs by root)
>> 
>> There might be a mistake, but then it became a mistake from 1.3.0
>> onwards since it has performed as expected for over a year.
>>
>
>Hi to all!
>Could you please test the attached applets.c drop in replacement file?
>For me it fixes the problem, but as i do not fully understand this
>bb_suid_* stuff probably it breaks everything else.
>
>The logic is:
>if in busybox.conf uid.gid is 0.0 don't touch uid gid ruid rgid as the applet will decide what to do,
>in other words if we don't have to drop privileges as per directive in busybox.conf or as result
>of a parse error or as fallback, don't mess up the uid/ruid, gid/rgid values.
>
>The word to the real gurus.......  ;-)
>
>Ciao,
>Tito

>/* vi: set sw=4 ts=4: */
[snip]
>#if ENABLE_SHOW_USAGE && !ENABLE_FEATURE_COMPRESS_USAGE
>static const char usage_messages[] =
>#define MAKE_USAGE
>#include "usage.h"
>#include "applets.h"
>;

(Your allnoconfig is broken, isn't it?)

What caused this bug? Was it
http://busybox.net/cgi-bin/viewcvs.cgi/trunk/busybox/applets/applets.c?rev=15703&r1=15420&r2=15703
or some of the SYSLOG stuff against su
Just curious..



More information about the busybox mailing list