[PATCH] ping: try SOCK_DGRAM if no root privileges
Tito
farmatito at tiscali.it
Thu Jan 9 14:42:51 UTC 2014
On Thursday 09 January 2014 15:07:23 Laurent Bercot wrote:
>
> >> making ping suid in the context of busybox basically means "make the
> >> entire busybox binary suid" and that is definitely a bad idea (an
> >> example that comes to mind is the wall vulnerability discovered
> >> recently).
> > Hi,
> > Busybox drops suid privileges for applets that don't require it
> > even before the applet code is called.
>
> I never understood all the fuss about that or the chosen
> Busybox solution. Gaining privileges is the single most dangerous
> thing in Unix ; gaining privileges then dropping them if you didn't
> need them after all is playing with fire for no reason.
>
> Here is what I do:
>
> * make a single busybox binary with all the applets I need. My
> busybox binary is NEVER setuid.
> * compile a separate small C program that tests whether
> `basename $0` is in a list of accepted words, and if it is the
> case, execs into "/bin/busybox `basename $0` $@". Make that separate
> binary setuid root.
Hi,
basename is a link to which one of the busybox binaries?
Ciao,
Tito
> * the utilities that need to be setuid root are symlinks to that
> binary, the other ones are direct symlinks to busybox.
>
> This solution makes me trust 4 lines of code instead of the
> whole busybox binary, and privileges are only gained if they
> are really needed. Sure, I have to edit the list of setuid applets
> in an additional place; this is a small price to pay for
> correctness.
>
>
More information about the busybox
mailing list