From: "Mark Gollahon" <golly@stellarwerx.com>
To: openembedded-devel@lists.openembedded.org
Subject: Re: tinylogin vs. busybox
Date: Fri, 15 Feb 2008 07:41:14 -0500 (EST) [thread overview]
Message-ID: <1203079274.17656@gatekeeper.stellarwerx.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]
Why not run two builds of busybox - once for the tinylogin functions and
again for all the rest?
Michael 'Mickey' Lauer wrote ..
> On Wednesday 13 February 2008 16:06:07 Koen Kooi wrote:
> > Michael 'Mickey' Lauer schreef:
> > | On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> > |> Michael 'Mickey' Lauer schreef:
> > |> | I just realized that we are still using tinylogin which has bugs
> and
> > |>
> > |> is dead.
> > |>
> > |> | Newer busybox releases contain all the functionality. Anyone know
> a
> > |> | compelling reason to keep using tinylogin as the default in
> >
> > task-base? If
> >
> > |> | not, I'd like to switch to busybox (after changing its defconfig)
> > |> | soon.
> > |>
> > |> Using busybox as login requires it being setuid root, with all the
> nasty
> > |> security implications stemming from that.
> > |
> > | http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
> >
> > opinion
> >
> > | that this is not a problem.
> >
> > If that email is true, we could dump tinylogin
>
> Excellent. I will look into this and do some tests.
>
> > , but frankly, I trust
> > busybox as far as I can throw a piano (and toybox as far as I can throw
> > a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> > carefull and do thorough tests before making this change.
> > The last thing we want is $bigcompany to blame OE for the exploitabilty
> > of their devices.
>
> Sure, better safe than sorry. Of course this would not be the default in
> OE.dev without being tested for quite some time.
>
> :M:
> --
> Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
next reply other threads:[~2008-02-15 12:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-15 12:41 Mark Gollahon [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-02-13 12:40 tinylogin vs. busybox Michael 'Mickey' Lauer
2008-02-13 12:53 ` Koen Kooi
2008-02-13 13:32 ` Michael 'Mickey' Lauer
2008-02-13 15:06 ` Koen Kooi
2008-02-13 15:48 ` pHilipp Zabel
2008-02-15 11:46 ` Michael 'Mickey' Lauer
2008-02-15 12:25 ` Sergey Lapin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1203079274.17656@gatekeeper.stellarwerx.com \
--to=golly@stellarwerx.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.