call halt/reboot as user

Cathey, Jim jcathey at ciena.com
Mon Jan 3 17:54:57 UTC 2011


>There is just one open question: What is the disadvantage or
>side-effect of setting busybox to be setuid.

Our appliance needed this stuff too, and rather than scrub
through busybox to see if making it suid was sufficiently
'safe', we just wrote a wrapper program that was itself
suid, and that chained in BB.  This program is what is
linked into the filesystem as su, login, ping, traceroute,
etc.  We called it suidexec.c, and it looks something like:

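#include <stdlib.h>   /* calloc */
#include <string.h>   /* strrchr */
#include <unistd.h>   /* execve */

int
main(int argc, char **argv, char **envp)
{
   int ii;
   char **nargv, *cp;

   if (argc < 1)   /* no argv[0] to take the applet name from */
      return 1;

   /* Room for "busybox", the original argv, and the terminating NULL. */
   nargv = calloc((ii=argc) + 2, sizeof *nargv);
   if (!nargv)
      return 1;
   /* Shift argv up one slot, including argv[argc] (the NULL). */
   while (ii >= 0) {
      nargv[ii + 1] = argv[ii];
      ii--;
   }
   nargv[0] = "busybox";
   /* Applet name is the basename of the name we were invoked as. */
   if ((cp = strrchr(argv[0], '/')))
      nargv[1] = cp + 1;

   execve("/bin/busybox", nargv, envp);
   return 1;   /* only reached if execve failed */
}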

-- Jim
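
An allowlisting variant of the wrapper above, as an added example that is not part of the original post or of BusyBox: argv[0] and the environment are supplied by whoever runs the suid binary, so this version forwards only applet names from a fixed list and passes a fixed environment. The helper names applet_for and build_argv, the allowlist contents (the applets the post names) and the PATH value are assumptions.

```c
/* Added example, not the poster's suidexec.c: allowlisting setuid wrapper. */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumptions: applets the post names, and the busybox path it uses. */
static const char *const allowed[] = { "su", "login", "ping", "traceroute", NULL };
#define BUSYBOX "/bin/busybox"

/* Return the allowlisted applet matching the basename of argv0, or NULL. */
const char *applet_for(const char *argv0)
{
   const char *base, *slash;
   size_t i;
   if (argv0 == NULL)
      return NULL;
   slash = strrchr(argv0, '/');
   base = slash ? slash + 1 : argv0;
   for (i = 0; allowed[i]; i++)
      if (strcmp(base, allowed[i]) == 0)
         return allowed[i];   /* our constant, not caller-owned memory */
   return NULL;
}

/* Build { "busybox", applet, argv[1..argc-1], NULL }; caller frees. */
char **build_argv(const char *applet, int argc, char **argv)
{
   char **nargv;
   int i;
   if (argc < 1 || (nargv = calloc((size_t)argc + 2, sizeof *nargv)) == NULL)
      return NULL;
   nargv[0] = "busybox";
   nargv[1] = (char *)applet;
   for (i = 1; i < argc; i++)
      nargv[i + 1] = argv[i];
   return nargv;              /* calloc zeroed nargv[argc + 1] */
}

int main(int argc, char **argv)
{
   /* Assumed fixed environment, passed instead of the caller's envp. */
   static char *const clean_env[] = { "PATH=/bin:/sbin:/usr/bin:/usr/sbin", NULL };
   const char *applet = applet_for(argc > 0 ? argv[0] : NULL);
   char **nargv = applet ? build_argv(applet, argc, argv) : NULL;
   if (nargv == NULL)
      return 1;                /* unknown name or allocation failure */
   execve(BUSYBOX, nargv, clean_env);
   return 1;                   /* only reached if execve failed */
}
```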


