/etc/busybox.conf confusion [secutiry?]
Tito
farmatito at tiscali.it
Thu May 3 06:42:02 UTC 2007
On Thursday 03 May 2007 00:39:07 Denis Vlasenko wrote:
> On Tuesday 01 May 2007 23:25, Tito wrote:
> > Just for the fun while studying how check_suid() works i've rewritten it....
> > Can you test if this fixes your problem?
> >
> > Ciao,
> > Tito
>
> I like it. I really do. But:
>
> /* if we are root this is skipped as suid_cfg_readable is 0 */
> if (suid_cfg_readable) {
> ...
> } else {
> if (!ENABLE_FEATURE_SUID_CONFIG_QUIET) {
> static bool onetime = 0;
>
> if (ruid && !onetime) {
> onetime = 1;
> fprintf(stderr, "Using fallback suid method\n");
> }
> }
> }
>
>
> if ENABLE_FEATURE_SUID_CONFIG_QUIET=n, root will always see bogus complaint.
Hi,
Don't think so as we test for:
if (ruid && !onetime) {
so root ruid=0 will never see any bogus error message.
>
> xsetuid(ruid);
> xsetgid(rgid);
> You have to set effective and saved ids, without touching real ids.
> This is needed by su etc to find whether they were called by non-root
> (they use getuid() for that).
Maybe we could change the call to:
#define _GNU_SOURCE
#include <unistd.h>
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
DESCRIPTION
setresuid() sets the real user ID, the effective user ID, and the saved
set-user-ID of the current process.
Unprivileged user processes may change the real UID, effective UID, and
saved set-user-ID, each to one of: the current real UID, the current
effective UID or the current saved set-user-ID.
Privileged processes (on Linux, those having the CAP_SETUID capability)
may set the real UID, effective UID, and saved set-user-ID to arbitrary
values.
If one of the parameters equals -1, the corresponding value is not
changed.
Regardless of what changes are made to the real UID, effective UID, and
saved set-user-ID, the file system UID is always set to the same value
as the (possibly new) effective UID.
Completely analogously, setresgid() sets the real GID, effective GID,
and saved set-group-ID of the current process (and always modifies the
file system GID to be the same as the effective GID), with the same
restrictions for non-privileged processes.
> Or do this: (a) do not clobber static uid_t ruid, (b) make it visible
> in all applets [make it global, not static], (c) chase getuid() calls
> in all applets and replace them with testing global ruid.
>
> This can squize some tens of bytes and save few getuid() calls, but
> it's sorta complicated, especially that ruid variable currently exists only
> if FEATURE_SUID=y... probably this is needed:
>
> /* libbb.h */
> #if ENABLE_FEATURE_SUID
> extern uid_t bb_ruid;
> #define BB_RUID() bb_ruid
> #else
> #define BB_RUID() getuid()
> #endif
>
> Oh...
> --
> vda
>
Ciao,
Tito
More information about the busybox
mailing list