authorDenys Vlasenko <vda.linux@googlemail.com>2011-01-18 13:52:48 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2011-01-18 13:52:48 +0100
commit3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
treea16712b4a1f1f8808355c28f7fac76d5148996f4
parent094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
disable automatic selection of FEATURE_SUID; improve its help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--Config.in16
-rw-r--r--include/applets.src.h2
-rw-r--r--loginutils/Config.src4
-rw-r--r--miscutils/Config.src1
-rw-r--r--util-linux/Config.src2
5 files changed, 14 insertions, 11 deletions
diff --git a/Config.in b/Config.in
index 140572e2d..1109b1016 100644
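--- a/Config.in
+++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
  symlinks pointing to each binary), and only set the suid bit on the
  one that needs it.
 
- The applets currently marked to need the suid bit are:
-
- crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
- traceroute, vlock.
+ The applets which require root rights (need suid bit or
+ to be run by root) and will refuse to execute otherwise:
+ crontab, login, passwd, su, vlock, wall.
+
+ The applets which will use root rights if they have them
+ (via suid bit, or because run by root), but would try to work
+ without root right nevertheless:
+ findfs, ping[6], traceroute[6], mount.
+
+ Note that if you DONT select this option, but DO make busybox
+ suid root, ALL applets will run under root, which is a huge
+ security hole (think "cp /some/file /etc/passwd").
 
 config FEATURE_SUID_CONFIG
  bool "Runtime SUID/SGID configuration via /etc/busybox.conf"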
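Review bot: The closing warning in the new FEATURE_SUID help says what goes wrong but not what the safe combination is, and it is the only guard left now that the applets no longer select this option. I would end it with the rule itself, e.g. `If you leave this option off, do not install busybox setuid root.` Two wording nits in the added lines: `DONT` should read `DON'T`, and `without root right nevertheless` should read `without root rights nevertheless`. The `config FEATURE_SUID` entry starts above the hunk, so its default value is not visible here.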
diff --git a/include/applets.src.h b/include/applets.src.h
index 691e097c1..2481fe67f 100644
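--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -18,6 +18,8 @@ s - suid type:
  _BB_SUID_MAYBE: neither of the above
  (every instance of _BB_SUID_REQUIRE and _BB_SUID_MAYBE
  needs to be justified in comment)
+ NB: please update FEATURE_SUID help text whenever you add/remove
+ _BB_SUID_REQUIRE or _BB_SUID_MAYBE applet.
 */
 
 #if defined(PROTOTYPES)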
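Review bot: The added NB relies on people remembering to edit a help text in another file, and it does not say which file or that there are two lists to keep in step. Suggest `NB: please update the two applet lists in the FEATURE_SUID help text (Config.in) whenever you add/remove a _BB_SUID_REQUIRE or _BB_SUID_MAYBE applet.` This same commit drops dnsd, ipcrm and ipcs from that help text and adds wall and mount while no applet marking changes in this file, so it is worth confirming that the applet table already agrees with the new lists. The comment block starts above the hunk.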
diff --git a/loginutils/Config.src b/loginutils/Config.src
index 8158bce74..4c771bbc4 100644
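--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@@ -186,7 +186,6 @@ config GETTY
 config LOGIN
  bool "login"
  default y
- select FEATURE_SUID
  select FEATURE_SYSLOG
  help
  login is used when signing onto a system.
@@ -229,7 +228,6 @@ config FEATURE_SECURETTY
 config PASSWD
  bool "passwd"
  default y
- select FEATURE_SUID
  select FEATURE_SYSLOG
  help
  passwd changes passwords for user and group accounts. A normal user
@@ -265,7 +263,6 @@ config CHPASSWD
 config SU
  bool "su"
  default y
- select FEATURE_SUID
  select FEATURE_SYSLOG
  help
  su is used to become another user during a login session.
@@ -295,7 +292,6 @@ config SULOGIN
 config VLOCK
  bool "vlock"
  default y
- select FEATURE_SUID
  help
  Build the "vlock" applet which allows you to lock (virtual) terminals.
 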
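Review bot: With `select FEATURE_SUID` gone from LOGIN, PASSWD, SU and VLOCK (and from CRONTAB in miscutils/Config.src), nothing in these entries tells the person configuring the build that the applet depends on that option. Per the new FEATURE_SUID help these applets refuse to run without root rights, and making the binary setuid with the option off runs every applet as root, so a pointer in each help text would prevent the bad combination. Suggest one added help line per entry, e.g. `This applet needs root rights; if busybox is installed setuid root, enable FEATURE_SUID.` The help texts continue past the end of each hunk.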
diff --git a/miscutils/Config.src b/miscutils/Config.src
index 4912daf88..da52e14c6 100644
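--- a/miscutils/Config.src
+++ b/miscutils/Config.src
@@ -170,7 +170,6 @@ config FEATURE_CROND_DIR
 config CRONTAB
  bool "crontab"
  default y
- select FEATURE_SUID
  help
  Crontab manipulates the crontab for a particular user. Only
  the superuser may specify a different user and/or crontab directory.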
diff --git a/util-linux/Config.src b/util-linux/Config.src
index dbf2b0d85..941a47f90 100644
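--- a/util-linux/Config.src
+++ b/util-linux/Config.src
@@ -361,7 +361,6 @@ config FEATURE_HWCLOCK_ADJTIME_FHS
 config IPCRM
  bool "ipcrm"
  default y
- select FEATURE_SUID
  help
  The ipcrm utility allows the removal of System V interprocess
  communication (IPC) objects and the associated data structures
@@ -371,7 +370,6 @@ config IPCS
  bool "ipcs"
  default y
  depends on PLATFORM_LINUX
- select FEATURE_SUID
  help
  The ipcs utility is used to provide information on the currently
  allocated System V interprocess (IPC) objects in the system.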