Did you see the patch John Spencer sent me to make it actually work?
About three dozen more lines of code.
John Spencer's patch focuses on making ping work without root privileges.
My code focuses on giving root privileges to applets that need it (such
as current ping) without making the
n Fri, Jan 10, 2014 at 1:59 PM, Laurent Bercot ska-dietl...@skarnet.org
wrote:
Did you see the patch John Spencer sent me to make it actually work?
About three dozen more lines of code.
John Spencer's patch focuses on making ping work without root privileges.
My code focuses on giving
On 1/10/2014 12:37 AM, Laurent Bercot wrote:
You're performing too much work copying your argument list. :P
The wrapper should be entirely transparent: busybox shouldn't
even notice it has been run through it, so it should be called
with the exact same argv. Here's what I do
[...]
If you
On Fri, Jan 10, 2014 at 12:06:27PM -0500, Michael Conrad wrote:
On 1/10/2014 12:37 AM, Laurent Bercot wrote:
You're performing too much work copying your argument list. :P
The wrapper should be entirely transparent: busybox shouldn't
even notice it has been run through it, so it should be
On 2014-01-10 19:27, Rich Felker wrote:
Note that this kind of approach STILL does not protect you from
vulnerabilities in the dynamic linker (avoiding them would require
making both the wrapper and busybox binary static-linked)
Which is the case for me.
or libc startup code (inevitable).
On Fri, Jan 10, 2014 at 09:33:56PM +, Laurent Bercot wrote:
On 2014-01-10 19:27, Rich Felker wrote:
Note that this kind of approach STILL does not protect you from
vulnerabilities in the dynamic linker (avoiding them would require
making both the wrapper and busybox binary static-linked)
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached proof-of-concept patch.
i'm aware that it doesnt use xbind() and other busybox replacement
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached proof-of-concept patch.
i'm aware that it doesnt use xbind() and
On Thursday 09 January 2014 13:35:59 John Spencer wrote:
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached
On Thursday 09 January 2014 15:07:23 Laurent Bercot wrote:
making ping suid in the context of busybox basically means make the
entire busybox binary suid and that is definitely a bad idea (an
example that comes to mind is the wall vulnerability discovered
recently).
Hi,
Busybox drops
On Thu, Jan 9, 2014 at 1:35 PM, John Spencer
maillist-busy...@barfooze.de wrote:
This seems to lead to a significantly larger code.
Making ping suid wasn't such a big problem before, so
why should we have all these complications now?
making ping suid in the context of busybox basically
On Thu, Jan 9, 2014 at 3:07 PM, Laurent Bercot ska-dietl...@skarnet.org wrote:
I never understood all the fuss about that or the chosen
Busybox solution. Gaining privileges is the single most dangerous
thing in Unix
An attacker who only manages to subvert your user account,
of course, can't
Denys Vlasenko wrote:
On Thu, Jan 9, 2014 at 1:35 PM, John Spencer
maillist-busy...@barfooze.de wrote:
This seems to lead to a significantly larger code.
Making ping suid wasn't such a big problem before, so
why should we have all these complications now?
making ping suid in the context of
An attacker who only manages to subvert your user account,
of course, can't get at the precious things like /usr/bin/* files
and modify or delete them.
He can only read your locally saved emails,
browser's cache and saved passwords
of your bank website login.
Oh, wait...
Eh, I didn't
* make a single busybox binary with all the applets I need. My
busybox binary is NEVER setuid.
* compile a separate small C program that tests whether
`basename $0` is in a list of accepted words, and if it is the
case, execs into /bin/busybox `basename $0` $@. Make that separate
binary
On Thu, Jan 9, 2014 at 7:15 PM, Laurent Bercot ska-dietl...@skarnet.org wrote:
An attacker who only manages to subvert your user account,
of course, can't get at the precious things like /usr/bin/* files
and modify or delete them.
He can only read your locally saved emails,
browser's cache
They were order of magnitude more problematic
when multi-user machines were the norm.
True enough, but it is still the case, for a good definition of user.
Most machines today only have one human user, but there are a lot
of uids and gids used to run daemons with separate privileges. It is
, January 09, 2014 12:10 PM
To: Denys Vlasenko
Cc: busybox
Subject: Re: [PATCH] ping: try SOCK_DGRAM if no root privileges
They were order of magnitude more problematic
when multi-user machines were the norm.
True enough, but it is still the case, for a good definition of user.
Most machines
Cathey, == Cathey, Jim jcat...@ciena.com writes:
This is on a read-only root filesystem that is built the way we want it.
(Squashfs, I believe.) There aren't any, and can't be, any links to names
we don't wish to give suid permission to.
And no writable storage anywhere (E.G. a tmpfs for
This is on a read-only root filesystem that is built the way we want it.
(Squashfs, I believe.) There aren't any, and can't be, any links to names
we don't wish to give suid permission to.
-- Jim
-Original Message-
Where's the check for what applets are allowed? What stops you from
] On Behalf Of Peter Korsgaard
Sent: Thursday, January 09, 2014 12:46 PM
To: Cathey, Jim
Cc: Laurent Bercot; Denys Vlasenko; busybox
Subject: Re: [PATCH] ping: try SOCK_DGRAM if no root privileges
Cathey, == Cathey, Jim jcat...@ciena.com writes:
This is on a read-only root filesystem that is built
...@busybox.net [mailto:busybox-boun...@busybox.net] On
Behalf Of Cathey, Jim
Sent: Thursday, January 09, 2014 1:24 PM
To: Peter Korsgaard
Cc: busybox
Subject: RE: [PATCH] ping: try SOCK_DGRAM if no root privileges
Doesn't really do you much good since BB is still doing
its own name checks.
No, it's
On Thu, Jan 09, 2014 at 02:04:12PM +0100, Tito wrote:
On Thursday 09 January 2014 13:35:59 John Spencer wrote:
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
On Thu, Jan 09, 2014 at 08:03:49PM +0100, Denys Vlasenko wrote:
If you are afraid that ping may have a bug, spend time auditing ping,
not making it more ugly just because you can make such bug
impact only lowly user.
The concern is not that ping may have a bug. The concern is that the
presence
You're performing too much work copying your argument list. :P
The wrapper should be entirely transparent: busybox shouldn't
even notice it has been run through it, so it should be called
with the exact same argv. Here's what I do.
Notes:
* untested, please check carefully. The actual code
On Thursday 09 January 2014 21:09, Laurent Bercot wrote:
It is not logical anymore to see root exploits as orders of magnitude
more dangerous than user-level ones, and spend much more efforts
to prevent specifically these exploits to be used.
If you are afraid that ping may have a bug,
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached proof-of-concept patch.
i'm aware that it doesnt use xbind() and other busybox replacement
funcs. getting it into a more busybox-ish shape is something i leave as
a task
Applied, thanks.
On Tue, Nov 26, 2013 at 10:18 PM, Daniel Borca dbo...@yahoo.com wrote:
Allow non-setuid ping.
Reference:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c319b4d76b9e583a5d88d6bf190e079c4e43213d
-dborca
Allow non-setuid ping.
Reference:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c319b4d76b9e583a5d88d6bf190e079c4e43213d
-dborca
Signed-off-by: Daniel Borca dbo...@yahoo.com
---
networking/ping.c | 19 ---
1 files changed, 16 insertions(+), 3
29 matches
Mail list logo