On Fri, Jan 04, 2008 at 02:33:41AM -0800, James Sparenberg wrote:
> On Wednesday 02 January 2008 06:07:47 Marius Gedminas wrote:
> > On Tue, Jan 01, 2008 at 11:42:01PM -0800, James Sparenberg wrote:
> > > Hendrik,
> > >
> > > Actually ping requires root on all systems. Since in order to
> > > do icmp you need to put the nic into a different mode than it
> > > runs in normally. The way it is normally done on every other
> > > linux distro is to do (as root)
> > >
> > > chmod u+s /usr/bin/ping (or /bin/ping on busybox enabled
> > > systems)
> > >
> > > This will, yes, set ping as setuid root. If you look at any
> > > other Linux you see that they all run ping setuid root.
> >
> > If you do that with /bin/ping on busybox-enabled systems, it will
> > set *all* busybox utils (including /bin/sh) setuid root.
> >
> > Gun. Foot. Safety off.
> >
> > Good luck,
> > Marius Gedminas
>
> Marius,
>
> Yes it would seem so, and I expected it to happen, but if you do
> chmod u+s /bin/ping ... a normal user can run ping. But then if you
> turn around and do (after the chmod)
>
> cat /etc/sudoers
>
> As an unprivileged user ... it will give you a permission denied.

You're right, busybox has special support for suid and drops privileges
for applets that aren't supposed to be suid. This is cool, I didn't
know about it. Makes sense when I notice /bin/su is a symlink to busybox.

Although I'm not sure then why busybox is not suid root by default.

Marius Gedminas
--
Only great masters of style can succeed in being obtuse.
                -- Oscar Wilde
Most UNIX programmers are great masters of style.
                -- The Unnamed Usenetter
_______________________________________________
maemo-users mailing list
maemo-users@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-users
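
The mode-bit sharing discussed in this thread, as an added example that is not part of either poster's message: `chmod` on an applet symlink changes the shared multi-call binary, so an audit should list every name that resolves to a setuid file. The sandbox directory, the empty placeholder `busybox` file and the function names are assumptions made for the demonstration; it shows only the file-mode effect, not busybox's own per-applet privilege drop.

```shell
#!/bin/sh
# Added example: audit a directory for symlinks that resolve to a setuid file.
# In a multi-call layout (busybox style), chmod on any one applet symlink
# changes the mode of the shared binary, so every applet name inherits the bit.

# list_suid_links DIR: print the name of each symlink in DIR whose
# resolved target has the setuid bit set.
list_suid_links() {
    for f in "$1"/*; do
        # -L: entry is a symlink; -u: the file it resolves to is setuid
        if [ -L "$f" ] && [ -u "$f" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# build_demo: constructed sandbox standing in for /bin on a busybox system.
# "busybox" here is an empty placeholder file, not the real binary.
build_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/busybox"
    chmod 755 "$d/busybox"
    for applet in ping sh cat su; do
        ln -s busybox "$d/$applet"
    done
    printf '%s\n' "$d"
}

# demo: run the thread's chmod against the sandbox copy and show the effect.
demo() {
    d=$(build_demo) || return 1
    echo "setuid applet links before: $(list_suid_links "$d" | tr '\n' ' ')"
    chmod u+s "$d/ping"    # same command as in the thread, sandbox path only
    echo "setuid applet links after:  $(list_suid_links "$d" | tr '\n' ' ')"
    ls -l "$d"
    rm -rf "$d"
}

demo
```

On a real system the same function can be pointed at `/bin` or `/usr/bin` to see which command names share a setuid target.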