suid not working as I'd hope???

David Collier from_busybox_maillist at dexdyne.com
Tue Jan 18 10:22:00 UTC 2011


Denys,

Can you please shout if any of the following is inaccurate?

V0.60 of busybox used to run all applets according to the sole suid bit
attached to the busybox exe. So the old system I have with that old
busybox can be kludged in one change to allow user web to run all
commands as "root" - including whoami and dangerous stuff like password.

Recent versions of busybox have an entry in the struct "applets" ( which
defines each applet ), telling the system for each applet whether to

    1  run (only) if the user is root 
                  or the busybox exe has the suid bit set
    2  only run as root if the user REALLY IS ROOT - suid doesn't count.
    3  neither of the above...
      
So in order to reproduce the kludge my colleague was using on busybox 0.6,
I would need to recompile the current busybox "permitting" the list of
commands I want to take advantage of suid, to work with it, and not
disregard it.

Or of course I could edit out the code which tests for alternative 2 I
guess..... and that should reproduce the old 0.6 situation?

But if I try to install my s/w on a guest computer where I don't have
"control" of the creation of the busybox, I'm stuffed - this type of
kludge is not available to me :-)

TVM

David





In article <AANLkTik8RiRi_TPuSc-S8=_BjPB9jiLKnS9k=frHxEiA at mail.gmail.com>,
vda.linux at googlemail.com (Denys Vlasenko) wrote:

> *From:* Denys Vlasenko <vda.linux at googlemail.com>
> *To:* from_busybox_maillist at dexdyne.com
> *CC:* busybox at busybox.net
> *Date:* Mon, 17 Jan 2011 19:57:11 +0100
> 
> On Mon, Jan 17, 2011 at 6:38 PM, David Collier
> <from_busybox_maillist at dexdyne.com> wrote:
> > I have the following set-up
> >
> > $ ls -l /bin/busybox
> > -rwsr-xr-x 1 root root 376108 2008-09-07 23:29 /bin/busybox
> >
> > $ ls -l /bin/date
> > -rwsr-xr-x 1 root root 55052 2008-04-04 14:22 /bin/date
> >
> > if I login as web, I can change the date with "date", but if I do
> > "busybox date" it comes back with
> >
> >    date: cannot set date: Operation not permitted
> 
> Which is good.
> Otherwise, busybox cp /my/file /etc/passwd would work too.
> 
> > Can anyone suggest why I've failed to get busybox to adopt root 
> > user and
> > do the job?
> 
> Because of this in libbb/appletlib.c:
> 
> static void check_suid(int applet_no)
> {
> ...
>         if (APPLET_SUID(applet_no) == _BB_SUID_REQUIRE) {
>                 /* Real uid is not 0. If euid isn't 0 too, suid bit
>                  * is most probably not set on our executable */
>                 if (geteuid())
>                         bb_error_msg_and_die("must be suid to work 
> properly");
>         } else if (APPLET_SUID(applet_no) == _BB_SUID_DROP) {
> HERE =>         xsetgid(rgid);  /* drop all privileges */
> HERE =>         xsetuid(ruid);
>         }
> }
> 
> date is _BB_SUID_DROP applet.
> 
> -- 
> vda
> 


More information about the busybox mailing list