suid not working as I'd hope???

Denys Vlasenko vda.linux at googlemail.com
Mon Jan 17 18:57:11 UTC 2011


On Mon, Jan 17, 2011 at 6:38 PM, David Collier
<from_busybox_maillist at dexdyne.com> wrote:
> I have the following set-up
>
> $ ls -l /bin/busybox
> -rwsr-xr-x 1 root root 376108 2008-09-07 23:29 /bin/busybox
>
> $ ls -l /bin/date
> -rwsr-xr-x 1 root root 55052 2008-04-04 14:22 /bin/date
>
> If I log in as web, I can change the date with "date", but if I do
> "busybox date" it comes back with
>
>    date: cannot set date: Operation not permitted

Which is good.
Otherwise, busybox cp /my/file /etc/passwd would work too.

> Can anyone suggest why I've failed to get busybox to adopt root user and
> do the job?

Because of this in libbb/appletlib.c:

static void check_suid(int applet_no)
{
...
        if (APPLET_SUID(applet_no) == _BB_SUID_REQUIRE) {
                /* Real uid is not 0. If euid isn't 0 too, suid bit
                 * is most probably not set on our executable */
                if (geteuid())
                        bb_error_msg_and_die("must be suid to work properly");
        } else if (APPLET_SUID(applet_no) == _BB_SUID_DROP) {
HERE =>         xsetgid(rgid);  /* drop all privileges */
HERE =>         xsetuid(ruid);
        }
}

date is a _BB_SUID_DROP applet.

-- 
vda
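
The two branches of check_suid() quoted above, modelled as a stand-alone C program. This is an added example, not code from the original post or from BusyBox; the enum and function names are hypothetical, and the drop is checked afterwards instead of dying on failure as the x-prefixed wrappers would.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names modelling the two policies visible in the excerpt. */
enum suid_policy { POLICY_REQUIRE, POLICY_DROP };
enum suid_action { ACT_KEEP_ROOT, ACT_REFUSE, ACT_DROP };

/* Decision for a caller whose real uid is not 0, given the effective uid. */
static enum suid_action decide(enum suid_policy policy, uid_t euid)
{
    if (policy == POLICY_REQUIRE)
        return euid == 0 ? ACT_KEEP_ROOT : ACT_REFUSE;
    return ACT_DROP; /* POLICY_DROP: give up whatever the suid bit granted */
}

/* Drop to the real ids and verify the drop. Returns 0 on success, -1 on failure.
 * Group first: once the effective uid is no longer 0, changing gid may be refused. */
static int drop_to_real_ids(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    int had_root = (geteuid() == 0);

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* With euid 0, setuid() also resets the saved uid, so root must be gone for good. */
    if (had_root && ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* "date" is handled like POLICY_DROP here, as in the post. */
    if (decide(POLICY_DROP, geteuid()) == ACT_DROP && drop_to_real_ids() != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("ruid=%d euid=%d rgid=%d egid=%d\n", (int)getuid(), (int)geteuid(),
           (int)getgid(), (int)getegid());
    return 0;
}
```

Installed suid root and run by an unprivileged user, this prints matching real and effective ids, which is the state in which setting the clock fails with "Operation not permitted".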

