embedded control panel - can this work?

David Collier from_busybox_maillist at dexdyne.com
Tue Jan 18 12:26:00 UTC 2011


In article <4D35835D.1050507 at gmx.de>, ralda at gmx.de (Harald Becker) wrote:

> *From:* Harald Becker <ralda at gmx.de>
> *To:* from_busybox_maillist at dexdyne.com
> *CC:* busybox at busybox.net, jeredb at dexdyne.com
> *Date:* Tue, 18 Jan 2011 13:11:09 +0100
> 
>  Hello David!
> 
> > I've heard of stuff like wheel, but as far as I can see that doesn't
> > help.... you never become "real root"
> If you run a program suid root you can get real user root using
> setresuid() function and do an exec to run another program with full
> root permissions. That is, how most of those (unexpected) back doors
> work (happen).

Thanks - I had skipped that detail in my memory.. the original programmer
really never got to grips with it all.

I see the busybox exe does do that - but if my C prog is to get root and
start a shell which can spawn vpn, PPP and do ifconfig I need to make
sure my code does too. 

> Hint: Set up a daemon on your system listening on a tcp/udp socket of
> localhost address or a unix domain socket. Run a small stub program as
> part of your web page access to contact your local system daemon (I got
> that working in the past, using shell scripts and netcat). Let your
> daemon (running as root) do any required work or (better) run any
> required program to do the requested work with the least possible user
> privileges.
> 
> busybox has tcpsrvd which works fine as daemon in that situation running
> (another) busybox shell script to do the work (accepting commands from
> the stub using read built-in and responding using echo built-in). Doing
> it that way and using netcat from a shell CGI script you do not need to
> write any extra code beside busybox :-) ... ok, it's slow and requires a
> lot of memory for those requests, but it works if you have those
> resources. Memory is always reclaimed after processing of the request
> (daemon script exits, tcpsrvd respawns on next request).
> 
> --
> Harald
 
Harald,

That sort of thing is indeed the only "proper" solution to what my
programmer was trying to do. 

slow is not an issue - there's plenty of CPU available!

thanks
-------

I have to implement a "quick fix", and then later a "do it properly"

I think I'll remove the test for "_BB_SUID_DROP" and create a custom
busybox as my quick fix.

We don't have a big security issue, as this web page is only accessible
after logging into a central server. And frankly it's just a data logger,
so why would anyone want to breach its security ?!?!

David
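
The daemon-side script from Harald's hint above, as an added example that is not code from this thread or from BusyBox: a per-connection handler in POSIX shell that reads one request line and maps a fixed set of verbs to fixed command lines. The verb names, the `DRY_RUN` switch and the `logger` peer name are assumptions made for illustration.

```shell
#!/bin/sh
# Per-connection handler for a root helper daemon (hypothetical names throughout).
# The socket server wires the client connection to stdin/stdout; the CGI stub
# sends one line "<verb> [arg]". Client input is only compared and validated,
# never evaluated by a shell.

DRY_RUN=${DRY_RUN:-1}   # assumption: 1 = report the command instead of running it

run_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "OK would-run: $*"
    else
        "$@" >/dev/null 2>&1 && echo "OK" || echo "ERR command failed"
    fi
}

# Accept only short interface names made of lowercase letters and digits.
valid_iface() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

handle_request() {
    # read -r: no backslash processing; surplus words land in $rest and are rejected.
    IFS=' ' read -r verb arg rest || { echo "ERR no complete request line"; return 1; }
    [ -z "$rest" ] || { echo "ERR too many arguments"; return 1; }
    case "$verb" in
        if-up)
            valid_iface "$arg" || { echo "ERR bad interface"; return 1; }
            run_cmd ifconfig "$arg" up ;;
        ppp-start)
            [ -z "$arg" ] || { echo "ERR unexpected argument"; return 1; }
            run_cmd pppd call logger ;;   # "logger" is a constructed peer name
        *)
            echo "ERR unknown command"; return 1 ;;
    esac
}

# Constructed sample request, as the CGI stub would send it over the socket.
printf 'if-up eth0\n' | handle_request
```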

