Bug#334672: busybox-static: Using fallback suid method
Package: busybox-static
Version: 1:1.01-3
Severity: normal
$ busybox sh
Using fallback suid method
BusyBox v1.01 (Debian 1:1.01-3) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ $ su
Using fallback suid method
su: This applet requires root priviledges!
$ cd ~/busybox-1.01
debian/config-static:CONFIG_FEATURE_SUID=y
debian/config-static:CONFIG_FEATURE_SUID_CONFIG=y
sysdeps/linux/Config.in :
config CONFIG_FEATURE_SUID_CONFIG
bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
default n if CONFIG_FEATURE_SUID
depends on CONFIG_FEATURE_SUID
help
Allow the SUID / SGID state of an applet to be determined runtime by
checking /etc/busybox.conf. The format of this file is as follows:
<applet> = [Ssx-][Ssx-][x-] (<username>|<uid>).(<groupname>|<gid>)
An example might help:
[SUID]
su = ssx root.0 # applet su can be run by anyone and runs with euid=0/egid=0
su = ssx # exactly the same
mount = sx- root.disk # applet mount can be run by root and members of group disk
# and runs with euid=0
cp = --- # disable applet cp for everyone
The file has to be owned by user root, group root and has to be
writeable only by root:
(chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
The busybox executable has to be owned by user root, group
root and has to be setuid root for this to work:
(chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)
Robert 'sandman' Griebl has more information here:
<url: http://www.softforge.de/bb/suid.html >.
busybox isn't suid and there's no /etc/busybox.conf
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (900, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc4-git4
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
-- no debconf information
Reply to: