On Fri, Feb 26, 2010 at 10:42:30PM +0000, Phil Blundell wrote:

>If you're primarily worried about case (a) then building two copies of
>the frontend which share a common libbusybox, one setuid and one not,
>probably is a reasonable thing to do.  However, as you say, busybox does
>already have a fairly robust mechanism in place for dropping privs when
>they are not wanted by a particular applet and hence the threat from
>this side seems to be quite low anyway.

Yes, and that's what I've read into Michael's mail that this was what he
was primarily concerned about, but rereading him he didn't actually say
that. My apologies.
>
>If you are primarily worried about case (b) then the easiest way to
>mitigate the threat is to reduce the amount of code which is linked in

indeed

_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
