On Wed, 2010-02-24 at 11:19 +0100, Marcin Juszkiewicz wrote: > Dnia wtorek, 23 lutego 2010 o 20:02:56 Tom Rini napisaĆ(a): > > I was about to just push this and I noticed that a number of > > distributions (SlugOS, Angstrom, Kaelios, micro) currently set > > FEATURE_SUID=y, but it's not actually install SUID. And since I recall > > some way-back-when's of "busybox SUID is dangerous / crap!", I thought > > it best to post the patch first and let folks speak up / ask me to drop > > FEATURE_SUID=y when I do this. So, here's the patch: > > Ok, but does not it require /etc/something to list which applets are allowed > to be suid and which are not? > > Hm. checked sources. with FEATURE_SUID suid will be active only for "crontab, > dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su, traceroute, vlock" > commands. /etc/busybox.conf is CONFIG_FEATURE_SUID_CONFIG option.
To be clear, enabling one of those applets will force FEATURE_SUID to be set. FEATURE_SUID_CONFIG lets you configure who can run these SUID programs. -- Tom Rini <tom_r...@mentor.com> Mentor Graphics Corporation _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel