[BusyBox] Busybox and setuid

John Kelly jakelly at shtc.net
Tue Aug 23 01:32:59 UTC 2005

Jason said:

> CONFIG_FEATURE_SUID_CONFIG is the option you want. You can also
> setup an /etc/busybox.conf file to specify certain applets that
> should have SUID privilages.

... leaving you exposed to configuration mistakes and flawed code.  I
wonder how well has that code been audited.  Not sure I would like to
make any assumptions in that regard ...

Chris said:

> Maybe it's just the old sysadmin in me, but having to setuid root
> on busybox for a couple of commands that need it, and thus having
> all busybox commands run as setuid root, is just a bit scary.

Take a look at how ttylinux implements busybox.  They use two separate
configs/executables, as you have in mind.


More information about the busybox mailing list