From: "Mark Gollahon" <golly@stellarwerx.com>
To: openembedded-devel@lists.openembedded.org
Subject: Re: tinylogin vs. busybox
Date: Fri, 15 Feb 2008 07:41:14 -0500 (EST) [thread overview]
Message-ID: <1203079274.17656@gatekeeper.stellarwerx.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]
Why not run two builds of busybox - once for the tinylogin functions and
again for all the rest?
Michael 'Mickey' Lauer wrote ..
> On Wednesday 13 February 2008 16:06:07 Koen Kooi wrote:
> > Michael 'Mickey' Lauer schreef:
> > | On Wednesday 13 February 2008 13:53:18 Koen Kooi wrote:
> > |> Michael 'Mickey' Lauer schreef:
> > |> | I just realized that we are still using tinylogin which has bugs
> and
> > |>
> > |> is dead.
> > |>
> > |> | Newer busybox releases contain all the functionality. Anyone know
> a
> > |> | compelling reason to keep using tinylogin as the default in
> >
> > task-base? If
> >
> > |> | not, I'd like to switch to busybox (after changing its defconfig)
> > |> | soon.
> > |>
> > |> Using busybox as login requires it being setuid root, with all the
> nasty
> > |> security implications stemming from that.
> > |
> > | http://www.busybox.net/lists/busybox/2004-May/011551.html give me the
> >
> > opinion
> >
> > | that this is not a problem.
> >
> > If that email is true, we could dump tinylogin
>
> Excellent. I will look into this and do some tests.
>
> > , but frankly, I trust
> > busybox as far as I can throw a piano (and toybox as far as I can throw
> > a 21" crt) and SUID root binaries make my skin crawl, so we must be very
> > carefull and do thorough tests before making this change.
> > The last thing we want is $bigcompany to blame OE for the exploitabilty
> > of their devices.
>
> Sure, better safe than sorry. Of course this would not be the default in
> OE.dev without being tested for quite some time.
>
> :M:
> --
> Dr. Michael 'Mickey' Lauer | IT-Freelancer | http://www.vanille-media.de
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
next reply other threads:[~2008-02-15 12:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-15 12:41 Mark Gollahon [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-02-13 12:40 tinylogin vs. busybox Michael 'Mickey' Lauer
2008-02-13 12:53 ` Koen Kooi
2008-02-13 13:32 ` Michael 'Mickey' Lauer
2008-02-13 15:06 ` Koen Kooi
2008-02-13 15:48 ` pHilipp Zabel
2008-02-15 11:46 ` Michael 'Mickey' Lauer
2008-02-15 12:25 ` Sergey Lapin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1203079274.17656@gatekeeper.stellarwerx.com \
--to=golly@stellarwerx.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox