On Fri, Jan 04, 2008 at 02:33:41AM -0800, James Sparenberg wrote:
> On Wednesday 02 January 2008 06:07:47 Marius Gedminas wrote:
> > On Tue, Jan 01, 2008 at 11:42:01PM -0800, James Sparenberg wrote:
> > > Hendrik,
> > >
> > > Actually ping requires root on all systems. Since in order to
> > > do icmp you need to put the nic into a different mode than it
> > > runs in normally. The way it is normally done on every other
> > > linux distro is to do (as root)
> > >
> > > chmod u+s /usr/bin/ping (or /bin/ping on busybox enabled
> > > systems)
> > >
> > > This will, yes, set ping as setuid root. If you look at any
> > > other Linux you see that they all run ping setuid root.
> >
> > If you do that with /bin/ping on busybox-enabled systems, it will
> > set *all* busybox utils (including /bin/sh) setuid root.
> >
> > Gun. Foot. Safety off.
> >
> > Good luck,
> > Marius Gedminas
>
> Marius,
>
> Yes it would seem so, and I expected it to happen, but if you do
> chmod u+s /bin/ping ... a normal user can run ping. But then if you
> turn around and do (after the chmod)
>
> cat /etc/sudoers
>
> As an unprivileged user ... it will give you a permission denied.
You're right, busybox has special support for suid and drops privileges
for applets that aren't supposed to be suid. This is cool, I didn't
know about it. Make sense when I notice /bin/su is a symlink to
busybox. Although I'm not sure then why busybox is not suid root by
default.
Marius Gedminas
--
Only great masters of style can succeed in being obtuse.
-- Oscar Wilde
Most UNIX programmers are great masters of style.
-- The Unnamed Usenetter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.maemo.org/pipermail/maemo-users/attachments/20080105/79c08172/attachment.pgp
