* Re: tinylogin vs. busybox
@ 2008-02-15 12:41 Mark Gollahon
0 siblings, 0 replies; 8+ messages in thread
From: Mark Gollahon @ 2008-02-15 12:41 UTC (permalink / raw)
To: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]
Why not run two builds of busybox - once for the tinylogin functions and
again for all the rest?
Michael 'Mickey' Lauer wrote ..
> On Wednesday 13 February 2008 16:06:07 Koen Kooi wrote:
> > Michael 'Mickey' Lauer schreef:
> > | On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> > |> Michael 'Mickey' Lauer schreef:
> > |> | I just realized that we are still using tinylogin which has bugs
> and
> > |>
> > |> is dead.
> > |>
> > |> | Newer busybox releases contain all the functionality. Anyone know
> a
> > |> | compelling reason to keep using tinylogin as the default in
> >
> > task-base? If
> >
> > |> | not, I'd like to switch to busybox (after changing its defconfig)
> > |> | soon.
> > |>
> > |> Using busybox as login requires it being setuid root, with all the
> nasty
> > |> security implications stemming from that.
> > |
> > | http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
> >
> > opinion
> >
> > | that this is not a problem.
> >
> > If that email is true, we could dump tinylogin
>
> Excellent. I will look into this and do some tests.
>
> > , but frankly, I trust
> > busybox as far as I can throw a piano (and toybox as far as I can throw
> > a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> > carefull and do thorough tests before making this change.
> > The last thing we want is $bigcompany to blame OE for the exploitabilty
> > of their devices.
>
> Sure, better safe than sorry. Of course this would not be the default in
> OE.dev without being tested for quite some time.
>
> :M:
> --
> Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 8+ messages in thread
* tinylogin vs. busybox
@ 2008-02-13 12:40 Michael 'Mickey' Lauer
2008-02-13 12:53 ` Koen Kooi
0 siblings, 1 reply; 8+ messages in thread
From: Michael 'Mickey' Lauer @ 2008-02-13 12:40 UTC (permalink / raw)
To: openembedded-devel
I just realized that we are still using tinylogin which has bugs and is dead.
Newer busybox releases contain all the functionality. Anyone know a
compelling reason to keep using tinylogin as the default in task-base? If
not, I'd like to switch to busybox (after changing its defconfig) soon.
:M:
--
Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: tinylogin vs. busybox
2008-02-13 12:40 Michael 'Mickey' Lauer
@ 2008-02-13 12:53 ` Koen Kooi
2008-02-13 13:32 ` Michael 'Mickey' Lauer
0 siblings, 1 reply; 8+ messages in thread
From: Koen Kooi @ 2008-02-13 12:53 UTC (permalink / raw)
To: Using the OpenEmbedded metadata to build Distributions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael 'Mickey' Lauer schreef:
| I just realized that we are still using tinylogin which has bugs and
is dead.
| Newer busybox releases contain all the functionality. Anyone know a
| compelling reason to keep using tinylogin as the default in task-base? If
| not, I'd like to switch to busybox (after changing its defconfig) soon.
Using busybox as login requires it being setuid root, with all the nasty
security implications stemming from that. I don't think OE should force
people to only have one user ('root') on their systems, since that is
exactly what your proposed change would mean.
However, I have no objection to enabling login functionality in busybox.
So:
* keep tinylogin
* don't make busybox setuid root
* update defconfig
regards,
Koen
- --
koen@dominion.kabel.utwente.nl will go go away in december 2007, please
use k.kooi@student.utwente.nl instead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFHsug+MkyGM64RGpERAihfAKCn2Vlva94cL6G/+eYLezttWkhADwCfYtgC
s8GPomq+b0MqLThl2ZVjxUQ=
=t8V1
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: tinylogin vs. busybox
2008-02-13 12:53 ` Koen Kooi
@ 2008-02-13 13:32 ` Michael 'Mickey' Lauer
2008-02-13 15:06 ` Koen Kooi
0 siblings, 1 reply; 8+ messages in thread
From: Michael 'Mickey' Lauer @ 2008-02-13 13:32 UTC (permalink / raw)
To: openembedded-devel
On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> Michael 'Mickey' Lauer schreef:
> | I just realized that we are still using tinylogin which has bugs and
>
> is dead.
>
> | Newer busybox releases contain all the functionality. Anyone know a
> | compelling reason to keep using tinylogin as the default in task-base? If
> | not, I'd like to switch to busybox (after changing its defconfig) soon.
>
> Using busybox as login requires it being setuid root, with all the nasty
> security implications stemming from that.
http://www.busybox.net/lists/busybox/2004-May/011551.html give me the opinion
that this is not a problem.
> I don't think OE should force
> people to only have one user ('root') on their systems, since that is
> exactly what your proposed change would mean.
I agree, but I don't see why using busybox login would limit us to root-only.
Care to give more details?
Besides, I think using something old and dead as tinylogin with known bugs is
more of a security problem than setuid root busybox...
:M:
--
Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: tinylogin vs. busybox
2008-02-13 13:32 ` Michael 'Mickey' Lauer
@ 2008-02-13 15:06 ` Koen Kooi
2008-02-13 15:48 ` pHilipp Zabel
2008-02-15 11:46 ` Michael 'Mickey' Lauer
0 siblings, 2 replies; 8+ messages in thread
From: Koen Kooi @ 2008-02-13 15:06 UTC (permalink / raw)
To: Using the OpenEmbedded metadata to build Distributions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael 'Mickey' Lauer schreef:
| On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
|> Michael 'Mickey' Lauer schreef:
|> | I just realized that we are still using tinylogin which has bugs and
|>
|> is dead.
|>
|> | Newer busybox releases contain all the functionality. Anyone know a
|> | compelling reason to keep using tinylogin as the default in
task-base? If
|> | not, I'd like to switch to busybox (after changing its defconfig) soon.
|>
|> Using busybox as login requires it being setuid root, with all the nasty
|> security implications stemming from that.
|
| http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
opinion
| that this is not a problem.
If that email is true, we could dump tinylogin, but frankly, I trust
busybox as far as I can throw a piano (and toybox as far as I can throw
a 21" crt) and SUID root binaries make my skin crawl, so we must be very
carefull and do thorough tests before making this change.
The last thing we want is $bigcompany to blame OE for the exploitabilty
of their devices.
|> I don't think OE should force
|> people to only have one user ('root') on their systems, since that is
|> exactly what your proposed change would mean.
|
| I agree, but I don't see why using busybox login would limit us to
root-only.
| Care to give more details?
The way busybox worked before is that *any* busybox applet is SUID root,
which means 'vi' and 'passwd' are as well, which in practice means there
is only one user: root.
| Besides, I think using something old and dead as tinylogin with known
bugs is
| more of a security problem than setuid root busybox...
That depends on what those bugs are, I can't do more than handwaving
about one being less secure as the other without that knowledge.
regards,
Koen
- --
koen@dominion.kabel.utwente.nl will go go away in december 2007, please
use k.kooi@student.utwente.nl instead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFHswdfMkyGM64RGpERAhIXAJ9+ve//TgUn/U7ZFYUmNaqitAY+bwCfY4pF
JPmlPuPhBdvndxlqzveWVaE=
=nTlr
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: tinylogin vs. busybox
2008-02-13 15:06 ` Koen Kooi
@ 2008-02-13 15:48 ` pHilipp Zabel
2008-02-15 11:46 ` Michael 'Mickey' Lauer
1 sibling, 0 replies; 8+ messages in thread
From: pHilipp Zabel @ 2008-02-13 15:48 UTC (permalink / raw)
To: openembedded-devel; +Cc: Using the OpenEmbedded metadata to build Distributions
On Feb 13, 2008 4:06 PM, Koen Kooi <k.kooi@student.utwente.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael 'Mickey' Lauer schreef:
> | On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> |> Michael 'Mickey' Lauer schreef:
> |> | I just realized that we are still using tinylogin which has bugs and
> |>
> |> is dead.
> |>
> |> | Newer busybox releases contain all the functionality. Anyone know a
> |> | compelling reason to keep using tinylogin as the default in
> task-base? If
> |> | not, I'd like to switch to busybox (after changing its defconfig) soon.
> |>
> |> Using busybox as login requires it being setuid root, with all the nasty
> |> security implications stemming from that.
> |
> | http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
> opinion
> | that this is not a problem.
>
> If that email is true, we could dump tinylogin, but frankly, I trust
> busybox as far as I can throw a piano (and toybox as far as I can throw
> a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> carefull and do thorough tests before making this change.
> The last thing we want is $bigcompany to blame OE for the exploitabilty
> of their devices.
>
> |> I don't think OE should force
> |> people to only have one user ('root') on their systems, since that is
> |> exactly what your proposed change would mean.
> |
> | I agree, but I don't see why using busybox login would limit us to
> root-only.
> | Care to give more details?
>
> The way busybox worked before is that *any* busybox applet is SUID root,
> which means 'vi' and 'passwd' are as well, which in practice means there
> is only one user: root.
busybox does drop root priviledges for applets that don't need them,
after reading its configuration file.
The only input from non-root users that I can see until then are the
command line parameters (applets/applets.c)
main() --> run_applet_and_exit() --> run_current_applet_and_exit() -->
check_suid()
regards
Philipp
> | Besides, I think using something old and dead as tinylogin with known
> bugs is
> | more of a security problem than setuid root busybox...
>
> That depends on what those bugs are, I can't do more than handwaving
> about one being less secure as the other without that knowledge.
>
> regards,
>
> Koen
>
> - --
> koen@dominion.kabel.utwente.nl will go go away in december 2007, please
> use k.kooi@student.utwente.nl instead.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iD8DBQFHswdfMkyGM64RGpERAhIXAJ9+ve//TgUn/U7ZFYUmNaqitAY+bwCfY4pF
> JPmlPuPhBdvndxlqzveWVaE=
> =nTlr
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
>
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: tinylogin vs. busybox
2008-02-13 15:06 ` Koen Kooi
2008-02-13 15:48 ` pHilipp Zabel
@ 2008-02-15 11:46 ` Michael 'Mickey' Lauer
2008-02-15 12:25 ` Sergey Lapin
1 sibling, 1 reply; 8+ messages in thread
From: Michael 'Mickey' Lauer @ 2008-02-15 11:46 UTC (permalink / raw)
To: openembedded-devel
On Wednesday 13 February 2008 16:06:07 Koen Kooi wrote:
> Michael 'Mickey' Lauer schreef:
> | On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> |> Michael 'Mickey' Lauer schreef:
> |> | I just realized that we are still using tinylogin which has bugs and
> |>
> |> is dead.
> |>
> |> | Newer busybox releases contain all the functionality. Anyone know a
> |> | compelling reason to keep using tinylogin as the default in
>
> task-base? If
>
> |> | not, I'd like to switch to busybox (after changing its defconfig)
> |> | soon.
> |>
> |> Using busybox as login requires it being setuid root, with all the nasty
> |> security implications stemming from that.
> |
> | http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
>
> opinion
>
> | that this is not a problem.
>
> If that email is true, we could dump tinylogin
Excellent. I will look into this and do some tests.
> , but frankly, I trust
> busybox as far as I can throw a piano (and toybox as far as I can throw
> a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> carefull and do thorough tests before making this change.
> The last thing we want is $bigcompany to blame OE for the exploitabilty
> of their devices.
Sure, better safe than sorry. Of course this would not be the default in
OE.dev without being tested for quite some time.
:M:
--
Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: tinylogin vs. busybox
2008-02-15 11:46 ` Michael 'Mickey' Lauer
@ 2008-02-15 12:25 ` Sergey Lapin
0 siblings, 0 replies; 8+ messages in thread
From: Sergey Lapin @ 2008-02-15 12:25 UTC (permalink / raw)
To: openembedded-devel
On Fri, Feb 15, 2008 at 2:46 PM, Michael 'Mickey' Lauer
<mickey@vanille-media.de> wrote:
> > , but frankly, I trust
> > busybox as far as I can throw a piano (and toybox as far as I can throw
> > a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> > carefull and do thorough tests before making this change.
> > The last thing we want is $bigcompany to blame OE for the exploitabilty
> > of their devices.
>
> Sure, better safe than sorry. Of course this would not be the default in
> OE.dev without being tested for quite some time.
Well, is it great idea to replace tinylogin with busybox-suid (which
should contain
carefully selected applets and properly tested)?
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2008-02-15 12:25 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-15 12:41 tinylogin vs. busybox Mark Gollahon
-- strict thread matches above, loose matches on Subject: below --
2008-02-13 12:40 Michael 'Mickey' Lauer
2008-02-13 12:53 ` Koen Kooi
2008-02-13 13:32 ` Michael 'Mickey' Lauer
2008-02-13 15:06 ` Koen Kooi
2008-02-13 15:48 ` pHilipp Zabel
2008-02-15 11:46 ` Michael 'Mickey' Lauer
2008-02-15 12:25 ` Sergey Lapin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.