Busybox for Mini2440
Mike Frysinger
vapier at gentoo.org
Tue Nov 24 17:37:22 UTC 2009
On Tuesday 24 November 2009 01:54:25 Tito wrote:
> On Tuesday 24 November 2009 01:06:06 you wrote:
> > >Did you "suid" busybox?
> >
> > We don't do that, I was uncomfortable with giving
> > all BB applets such privilege. We wrote a simple
> > suid-root exec-er that was linked to the few apps
> > that needed such privilege, it in turn just execs
> > "busybox $*" (in effect) to get it done.
>
> This is unneeded as busybox drops itself the super user privileges
> at start for the applets that don't need it. Keep it simple.
> Why should your suid-root exec-er be safer than busybox?
one might say jim is keeping it simple. it's a lot easier to audit a smaller
redirector binary than it is to audit the busybox code base.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20091124/11fa0e91/attachment.pgp>
More information about the busybox
mailing list