Busybox awk throws glibc failure if using standalone/preferred applet feature

Tito farmatito at tiscali.it
Sun Aug 12 16:22:35 UTC 2012 

On Sunday 12 August 2012 16:09:52 Harald Becker wrote:
> Hi Tito !
> 
> >can you run it again after disabling  ENABLE_FEATURE_SUID_CONFIG
> >just to be sure, as in this case there should be no error.
> 
> Ok, fresh compile with CONFIG_FEATURE_SUID_CONFIG disabled: No error as
> you expected.
> 
> >This would narrow down our search.
> 
> Sure. Ask for any information which would help to find the reason for
> my current trouble.
> 
> >If I understood correctly the bug is triggered when:
> >/etc/busybox.conf   -rw-r--r--
> >and is not triggered when
> >/etc/busybox.conf   -rw-------
> 
> Not completely correct, lets explicitly check the cases:
> 

Hi,
could not replicate it however I tried.
In http://www.softforge.de/bb/suid.html however i read:

"Format of /etc/busybox.conf:

The file has to be owned by user root, group root and has to be writeable only by root (chown 0.0; chmod 600;). "


> busybox.conf -rw-r--r-- with no entry for awk
> 	direct call -> bug
> 	with strace -> bug
> busybox.conf -rw-r--r-- with entry "awk = xxx root.root"
> 	direct call -> NO bug
> 	with strace -> NO bug
>

In the above cases:
I suppose the missing of the entry leeds to some free error.
By intuition I would check (comment out for testing) llist_free at the end of
parse_config_file(void) in libbb/appletlib.c
(or maybe try sct_head = xzalloc(sizeof(*sct_head)) at the beginning of parse_config_file).
Another candidate is list_free at the end of check_suid(int applet_no).
All this calls to list_free look suspicious to me.

> busybox.conf -rw------- with no entry for awk
> 	direct call -> bug

same as above

> 	with strace -> NO bug, "using fallback suid methode"

busybox.conf is not used in this case.
 
> busybox.conf -rw------- with entry "awk = xxx root.root"
> 	direct call -> NO bug

same as in first case

> 	with strace -> NO bug, "using fallback suid methode"
 
busybox.conf is not used in this case.
  
> >It is also not triggered if 
> >/etc/busybox.conf   is missing as in my case
> 
> This is correct. In detail:
> 	direct call -> NO bug, "using fallback suid methode"
> 	with strace -> NO bug, "using fallback suid methode"
> 

So the bug is triggered when /etc/busybox.conf is parsed
and there is no entry for the applet, permissions
seem to be irrelevant.

Ciao,
Tito

> >Just out of curiosity what are your busybox binary permissions?
> 
> /bin/busybox installed as:
> 
> Owner: root
> Group: 65533 (none)
> Permissions: ---s-----x
> 
> ... but:
> 
> Owner: root
> Group: root
> Permissions: ---s--x--x
> 
> ... make no difference (checked!)
> 
> All libraries, etc. installed as:
> 
> Owner: root
> Group: root
> Permissions: -rwxr-xr-x
> 
> --
> Harald
>

More information about the busybox mailing list