embedded control panel - can this work?
vda.linux at googlemail.com
Tue Jan 18 15:15:43 UTC 2011
On Tue, Jan 18, 2011 at 12:41 PM, David Collier
<from_busybox_maillist at dexdyne.com> wrote:
> Suppose a C program which is running as web, gains root uid, and then
> invokes a shell.
> Will that busybox in the shell refuse to allow the date to be set, as the
> user isn't "really" root? Or would the extra levels of obfuscation fool
> it into allowing it?
It depends on how exactly "gains root uid" step is done. For example:
$ busybox login
my_hostname login: root
This is a "genuine" root environment, initialized from non-root.
The crucial function login, su etc use to achieve it is:
/* Become the user and group(s) specified by PW. */
void FAST_FUNC change_identity(const struct passwd *pw)
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
bb_perror_msg_and_die("can't set groups");
endgrent(); /* helps to close a fd used internally by libc */
More information about the busybox