[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#334672: busybox-static: Using fallback suid method

Package: busybox-static
Version: 1:1.01-3
Severity: normal

$ busybox sh  
Using fallback suid method

BusyBox v1.01 (Debian 1:1.01-3) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ su
Using fallback suid method
su: This applet requires root priviledges!

$ cd ~/busybox-1.01


sysdeps/linux/Config.in :

        bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
        default n if CONFIG_FEATURE_SUID
        depends on CONFIG_FEATURE_SUID
          Allow the SUID / SGID state of an applet to be determined runtime by
          checking /etc/busybox.conf.  The format of this file is as follows:

          <applet> = [Ssx-][Ssx-][x-] (<username>|<uid>).(<groupname>|<gid>)

          An example might help:

          su = ssx root.0 # applet su can be run by anyone and runs with euid=0/egid=0
          su = ssx        # exactly the same

          mount = sx- root.disk # applet mount can be run by root and members of group disk
                                # and runs with euid=0

          cp = --- # disable applet cp for everyone

          The file has to be owned by user root, group root and has to be
          writeable only by root:
                (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
          The busybox executable has to be owned by user root, group
          root and has to be setuid root for this to work:
                (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)

          Robert 'sandman' Griebl has more information here:
          <url: http://www.softforge.de/bb/suid.html >.

busybox isn't suid and there's no /etc/busybox.conf

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc4-git4
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

-- no debconf information

Reply to: