Re: [PATCH] Fix busybox SUID support - Bernhard Reutner-Fischer

Openembedded Devel Discussions
 help / color / mirror / Atom feed

From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: Re: [PATCH] Fix busybox SUID support
Date: Sat, 27 Feb 2010 00:06:43 +0100	[thread overview]
Message-ID: <20100226230643.GH30265@mx.loc> (raw)
In-Reply-To: <1267224150.5437.435.camel@lenovo.internal.reciva.com>

On Fri, Feb 26, 2010 at 10:42:30PM +0000, Phil Blundell wrote:

>If you're primarily worried about case (a) then building two copies of
>the frontend which share a common libbusybox, one setuid and one not,
>probably is a reasonable thing to do.  However, as you say, busybox does
>already have a fairly robust mechanism in place for dropping privs when
>they are not wanted by a particular applet and hence the threat from
>this side seems to be quite low anyway.

Yes, and that's what i've read into Michaels mail that this was what he
was primarily concerned about, but rereading him he didn't actually say
that. My apologies.
>
>If you are primarily worried about case (b) then the easiest way to
>mitigate the threat is to reduce the amount of code which is linked in

indeed

     prev parent reply	other threads:[~2010-02-26 23:03 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-02-23 19:02 [PATCH] Fix busybox SUID support Tom Rini
2010-02-23 19:51 ` Khem Raj
2010-02-23 20:14   ` Tom Rini
2010-02-23 20:23     ` Chris Larson
2010-02-23 21:37 ` Phil Blundell
2010-02-23 22:52 ` Michael 'Mickey' Lauer
2010-02-23 23:01   ` Tom Rini
2010-02-24 10:19 ` Marcin Juszkiewicz
2010-02-24 16:10   ` Tom Rini
2010-02-26 15:43 ` Mike Westerhof
2010-02-26 18:20   ` Koen Kooi
2010-02-26 20:21     ` C Michael Sundius
2010-02-26 22:26       ` Bernhard Reutner-Fischer
2010-02-26 22:42         ` Phil Blundell
2010-02-26 23:06           ` Bernhard Reutner-Fischer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100226230643.GH30265@mx.loc \
    --to=rep.dot.nop@gmail.com \
    --cc=openembedded-devel@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox