[BusyBox 0000549]: Wrong SUID handling when invoking busybox binary directly

bugs at busybox.net
Thu Apr 27 09:27:35 UTC 2006


The following issue has been REOPENED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=549 
====================================================================== 
Reported By:                aforet
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   549
Category:                   Other
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             11-17-2005 04:42 PST
Last Modified:              04-27-2006 02:27 PDT
====================================================================== 
Summary:                    Wrong SUID handling when invoking busybox binary directly
Description: 
I'm using the following configuration file /etc/busybox.conf (rw-r--r--
root:root):
"[SUID]
tar = sx- root.users"

The Busybox binary has the SetUID bit.

When invoking the tar applet (as an unprivileged user) using the following
command line:
$ busybox tar xvf file.tar [files to pack]

Busybox first considers "busybox" as the applet name. When it tries to
handle SUID settings, since there is no matching entry for this applet in
the configuration file, it drops all its privileges (see check_suid()
function in src/applets/applets.c).

Then, it tries to look for the 2nd argument as the applet name ("tar" in
this example). This time, the applet exists, and a matching entry is found
in the configuration file, but it is too late, privileges were already
dropped during the previous round.

As a consequence, calling an applet by running the busybox binary directly
always leads to running the applet without taking into account the settings
from the configuration file.
====================================================================== 

---------------------------------------------------------------------- 
 vodz - 12-05-05 08:46  
---------------------------------------------------------------------- 
I can't reproduce this.
If /etc/busybox.conf has no line for the applet, the hardcoded suid
configuration from include/applets.h is used. This file has the MAYBE suid
option for the "busybox" applet and does not drop privileges. 

---------------------------------------------------------------------- 
 landley - 01-10-06 19:27  
---------------------------------------------------------------------- 
If you're calling an applet via the "busybox" name, and you're not root,
then you shouldn't become root.  You're requesting a behavior change, and
I don't think it's a good idea. 

---------------------------------------------------------------------- 
 aforet - 04-27-06 02:27  
---------------------------------------------------------------------- 
And if you're calling an applet via its real name, and you're not root,
then you should become root?
It does not make much more sense to me...

Busybox should really parse its configuration file to always look for the
name of the applet to get a consistent behaviour. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-17-05 04:42  aforet         New Issue                                    
11-17-05 04:42  aforet         Status                   new => assigned     
11-17-05 04:42  aforet         Assigned To               => BusyBox         
12-05-05 08:46  vodz           Note Added: 0000724                          
01-10-06 19:27  landley        Status                   assigned => closed  
01-10-06 19:27  landley        Note Added: 0000921                          
01-10-06 19:27  landley        Resolution               open => no change required
04-27-06 02:27  aforet         Status                   closed => feedback  
04-27-06 02:27  aforet         Resolution               no change required => reopened
04-27-06 02:27  aforet         Note Added: 0001329                          
======================================================================
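
The two lookup orders discussed in this issue, as a simplified model added here for illustration (it is not BusyBox code and not taken from the report). Uids are plain integers, nothing calls setuid(), all function names are hypothetical, and the hardcoded defaults from include/applets.h mentioned in the first note are not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not BusyBox source). */
enum { ROOT = 0, USER = 1000 };

struct proc { int ruid, euid; };

/* Constructed stand-in for the [SUID] section: only "tar" has an entry. */
static int conf_has_suid_entry(const char *applet) {
    return strcmp(applet, "tar") == 0;
}

/* Keep the effective uid only if the applet has an entry; otherwise drop it.
 * Dropping is one-way: a later call cannot restore euid. */
static void check_suid(struct proc *p, const char *applet) {
    if (!conf_has_suid_entry(applet))
        p->euid = p->ruid;
}

/* Order described in the report: check argv[0] first, then the real applet. */
static int run_two_rounds(const char *argv0, const char *argv1) {
    struct proc p = { USER, ROOT };   /* setuid-root binary run by a user */
    check_suid(&p, argv0);
    if (strcmp(argv0, "busybox") == 0 && argv1 != NULL)
        check_suid(&p, argv1);        /* entry matches, but euid is already USER */
    return p.euid;
}

/* Order the reporter asks for: resolve the applet name, then check once. */
static int run_resolve_first(const char *argv0, const char *argv1) {
    struct proc p = { USER, ROOT };
    const char *applet = argv0;
    if (strcmp(argv0, "busybox") == 0 && argv1 != NULL)
        applet = argv1;
    check_suid(&p, applet);
    return p.euid;
}

int main(void) {
    printf("busybox tar, two rounds:    euid=%d\n", run_two_rounds("busybox", "tar"));
    printf("tar (applet name):          euid=%d\n", run_two_rounds("tar", NULL));
    printf("busybox tar, resolve first: euid=%d\n", run_resolve_first("busybox", "tar"));
    return 0;
}
```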