embedded control panel - can this work?
from_busybox_maillist at dexdyne.com
Tue Jan 18 12:26:00 UTC 2011
In article <4D35835D.1050507 at gmx.de>, ralda at gmx.de (Harald Becker) wrote:
> *From:* Harald Becker <ralda at gmx.de>
> *To:* from_busybox_maillist at dexdyne.com
> *CC:* busybox at busybox.net, jeredb at dexdyne.com
> *Date:* Tue, 18 Jan 2011 13:11:09 +0100
> Hallo David!
> > I've heard of stuff like wheel, but as far as I can see that
> > doesn't
> > help.... you never become "real root"
> If you run a program suid root you can get real user root using
> setresuid() function and do an exec to run another program with full
> root permissions. That is, how most of those (unexpected) back doors
> work (happen).
Thanks - I had skipped that detail in my memory.. the original programmer
really never got to grips with it all.
I see the busybox exe does do that - but if my C prog is to get root and
start a shell which can spawn vpn, PPP and do ifconfig I need to make
sure my code does too.
> Hint: Setup a daemon on your system listening on a tcp/udp socket of
> localhost address or a unix domain socket. Run a small stub program
> part of your web page access to contact your local system daemon (I
> that working in the past, using shell scripts and netcat). Let your
> daemon (running as root) do any required work or (better) run any
> required program to do the requested work with the least possible
> busybpx has tcpsrvd which work fine as daemon in that situation
> (another) busybox shell script to do the work (accepting commands
> the stub using read built-in and responding using echo built-in).
> it that way and using netcat from a shell CGI script you do not
> need to
> write any extra code beside busybox :-) ... ok, it's slow and
> requires a
> lot of memory for those requests, but it works if you have those
> resources. Memory is always reclaimed after processing of the
> (daemon script exits, tcpsrvd respawns on next request).
That sort of thing is indeed the only "proper" solution to what my
programmer was trying to do.
slow is not an issue - there's plenty of CPU available!
I have to implement a "quick fix", and then later a "do it properly"
I think I'll remove the test for "_BB_SUID_DROP" and create a custom
busybox as my quick fix.
We don't have a big security issue, as this web page is only accessible
after logging into a central server. And frankly it's just a data logger,
so why would anyone want to breach it's security ?!?!
More information about the busybox