[PATCH] wall: Don't allow reading of files the real user might not have access to

Rich Felker dalias at aerifal.cx
Mon Sep 30 01:54:34 UTC 2013


On Mon, Sep 30, 2013 at 08:30:01AM +1000, Ryan Mallon wrote:
> The wall applet is setuid and currently does no checking of the real
> user's read access to the message file. This allows the wall applet
> to be used to display files which are not readable by an
> unprivileged user. For example:
> 
>   $ wall /etc/shadow
>   $ wall /proc/vmallocinfo
> 
> Fix this issue by introducing the same check as used by the
> util-linux version of wall: only allow the file argument to be used
> if the user is root, or the real and effective uid/gids are equal.

No, the fix is to make it so wall is not one of the suid applets.
There is no reason whatsoever for wall to be suid. Users who want wall
messages are supposed to make their terminal world-writable. Users who
don't (i.e. anyone sane) makes their terminal non-world-writable.

Idiotic bugs like this (utilities which have no business being suid
getting treated as one of the suid cases) are why I recommend not even
using the busybox suid feature at all, or at least making a separate
busybox binary with only the should-be-suid applets compiled in.

Rich


More information about the busybox mailing list