/etc/busybox.conf confusion [security?]

Tito farmatito at tiscali.it
Thu May 3 06:42:02 UTC 2007


On Thursday 03 May 2007 00:39:07 Denis Vlasenko wrote:
> On Tuesday 01 May 2007 23:25, Tito wrote:
> > Just for fun, while studying how check_suid() works, I've rewritten it....
> > Can you test if this fixes your problem?
> > 
> > Ciao,
> > Tito
> 
> I like it. I really do. But:
> 
>         /* if we are root this is skipped as suid_cfg_readable is 0 */
>         if (suid_cfg_readable) {
> ...
>         } else {
>                 if (!ENABLE_FEATURE_SUID_CONFIG_QUIET) {
>                         static bool onetime = 0;
> 
>                         if (ruid && !onetime) {
>                                 onetime = 1;
>                                 fprintf(stderr, "Using fallback suid method\n");
>                         }
>                 }
>         }
> 
> 
> If ENABLE_FEATURE_SUID_CONFIG_QUIET=n, root will always see a bogus complaint.


Hi,

Don't think so as we test for:

          if (ruid && !onetime) {

so root ruid=0 will never see any bogus error message.

> 
>         xsetuid(ruid);
>         xsetgid(rgid);

> You have to set effective and saved ids, without touching real ids.
> This is needed by su etc to find whether they were called by non-root
> (they use getuid() for that).

Maybe we could change the call to:

#define _GNU_SOURCE
#include <unistd.h>

 int setresuid(uid_t ruid, uid_t euid, uid_t suid);
 int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

DESCRIPTION
       setresuid() sets the real user ID, the effective user ID, and the saved
       set-user-ID of the current process.

       Unprivileged user processes may change the real UID, effective UID, and
       saved  set-user-ID,  each  to one of: the current real UID, the current
       effective UID or the current saved set-user-ID.

       Privileged processes (on Linux, those having the CAP_SETUID capability)
       may set the real UID, effective UID, and saved set-user-ID to arbitrary
       values.

       If one of the parameters equals -1,  the  corresponding  value  is  not
       changed.

       Regardless of what changes are made to the real UID, effective UID, and
       saved set-user-ID, the file system UID is always set to the same  value
       as the (possibly new) effective UID.

       Completely  analogously,  setresgid() sets the real GID, effective GID,
       and saved set-group-ID of the current process (and always modifies  the
       file  system  GID  to  be the same as the effective GID), with the same
       restrictions for non-privileged processes.
 
> Or do this: (a) do not clobber static uid_t ruid, (b) make it visible
> in all applets [make it global, not static], (c) chase getuid() calls
> in all applets and replace them with testing global ruid.
> 
> This can squeeze some tens of bytes and save a few getuid() calls, but
> it's sorta complicated, especially that ruid variable currently exists only
> if FEATURE_SUID=y... probably this is needed:
> 
> /* libbb.h */
> #if ENABLE_FEATURE_SUID
> extern uid_t bb_ruid;
> #define BB_RUID() bb_ruid
> #else
> #define BB_RUID() getuid()
> #endif
> 
> Oh...
> --
> vda
> 

Ciao,
Tito
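
The setresuid()/setresgid() call discussed in the message above, as an added example that is not part of the original post or of BusyBox: it sets the effective and saved IDs while passing -1 for the real IDs, so a later getuid() still reports the invoking user. The helper name drop_keep_real() is hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* setresuid()/getresuid() are GNU extensions */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes; harmless if <unistd.h> already declared them. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/*
 * Hypothetical helper: set effective and saved IDs to uid/gid and leave the
 * real IDs alone (-1 means "do not change"). Returns 0 on success, -1 on failure.
 */
int drop_keep_real(uid_t uid, gid_t gid)
{
    uid_t r0 = getuid(), r, e, s;
    gid_t g0 = getgid(), rg, eg, sg;

    /* Group first: once the effective UID is unprivileged, changing GIDs may fail. */
    if (setresgid((gid_t)-1, gid, gid) != 0)
        return -1;
    if (setresuid((uid_t)-1, uid, uid) != 0)
        return -1;

    /* Read the IDs back instead of trusting the return codes alone. */
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (r != r0 || e != uid || s != uid)
        return -1;
    if (rg != g0 || eg != gid || sg != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed usage: drop to the caller's own real IDs. */
    if (drop_keep_real(getuid(), getgid()) != 0) {
        perror("drop_keep_real");
        return 1;
    }
    printf("real uid %d unchanged, effective uid now %d\n",
           (int)getuid(), (int)geteuid());
    return 0;
}
```

Supplementary groups are not touched by this call and need separate handling.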