disable automatic selection of FEATURE_SUID; improve its help text

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2011-01-18 13:52:48 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2011-01-18 13:52:48 +0100
commit: 3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
tree: a16712b4a1f1f8808355c28f7fac76d5148996f4 /Config.in
parent: 094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
download: busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.gz
busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.bz2
busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.zip
1 files changed, 12 insertions, 4 deletions
diff --git a/Config.in b/Config.in
index 140572e2d..1109b1016 100644
--- a/Config.in
+++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
          symlinks pointing to each binary), and only set the suid bit on the
          one that needs it.
-          The applets currently marked to need the suid bit are:
+          The applets which require root rights (need suid bit or
+          to be run by root) and will refuse to execute otherwise:
-          crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
+          crontab, login, passwd, su, vlock, wall.
-          traceroute, vlock.
+          The applets which will use root rights if they have them
+          (via suid bit, or because run by root), but would try to work
+          without root right nevertheless:
+          findfs, ping[6], traceroute[6], mount.
+          Note that if you DONT select this option, but DO make busybox
+          suid root, ALL applets will run under root, which is a huge
+          security hole (think "cp /some/file /etc/passwd").
 config FEATURE_SUID_CONFIG
        bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
author	Denys Vlasenko <vda.linux@googlemail.com>	2011-01-18 13:52:48 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2011-01-18 13:52:48 +0100
commit	3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
tree	a16712b4a1f1f8808355c28f7fac76d5148996f4 /Config.in
parent	094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
download	busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.gz busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.bz2 busybox-w32-3b5acaa4323bd165077e60098af94ad9750d62fd.zip

diff --git a/Config.in b/Config.in index 140572e2d..1109b1016 100644 --- a/Config.in +++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
328	symlinks pointing to each binary), and only set the suid bit on the	328	symlinks pointing to each binary), and only set the suid bit on the
329	one that needs it.	329	one that needs it.
330		330
331	The applets currently marked to need the suid bit are:	331	The applets which require root rights (need suid bit or
332		332	to be run by root) and will refuse to execute otherwise:
333	crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,	333	crontab, login, passwd, su, vlock, wall.
334	traceroute, vlock.	334
		335	The applets which will use root rights if they have them
		336	(via suid bit, or because run by root), but would try to work
		337	without root right nevertheless:
		338	findfs, ping[6], traceroute[6], mount.
		339
		340	Note that if you DONT select this option, but DO make busybox
		341	suid root, ALL applets will run under root, which is a huge
		342	security hole (think "cp /some/file /etc/passwd").
335		343
336	config FEATURE_SUID_CONFIG	344	config FEATURE_SUID_CONFIG
337	bool "Runtime SUID/SGID configuration via /etc/busybox.conf"	345	bool "Runtime SUID/SGID configuration via /etc/busybox.conf"