busybox/tinylogin suid security issues
vapier at gentoo.org
Wed Dec 21 20:37:02 UTC 2005
On Wed, Dec 21, 2005 at 03:20:00PM -0500, Chuck Meade wrote:
> In Karim Yaghmour's book "Building Embedded Linux Systems", Karim
> states that he builds tinylogin as a separate component from busybox,
> since it needs suid/root privileges. He does not want to give suid
> privileges to the busybox binary itself, due to the security concerns
> of running ls and cat (for example) at root level.
that's because the book was written before busybox was updated to
include suid handling
> Does anyone see any advantage of using Karim's method (separate
> tinylogin apps with suid bits set) over the Busybox method (suid
> configured in /etc/busybox.conf)?
you waste space