summaryrefslogtreecommitdiff
path: root/Config.in
diff options
context:
space:
mode:
authorDenys Vlasenko2011-01-18 13:52:48 +0100
committerDenys Vlasenko2011-01-18 13:52:48 +0100
commit3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
treea16712b4a1f1f8808355c28f7fac76d5148996f4 /Config.in
parent094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
downloadbusybox-3b5acaa4323bd165077e60098af94ad9750d62fd.zip
busybox-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.gz
disable automatic selection of FEATURE_SUID; improve its help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'Config.in')
-rw-r--r--Config.in16
1 files changed, 12 insertions, 4 deletions
diff --git a/Config.in b/Config.in
index 140572e..1109b10 100644
--- a/Config.in
+++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
symlinks pointing to each binary), and only set the suid bit on the
one that needs it.
- The applets currently marked to need the suid bit are:
-
- crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
- traceroute, vlock.
+ The applets which require root rights (need suid bit or
+ to be run by root) and will refuse to execute otherwise:
+ crontab, login, passwd, su, vlock, wall.
+
+ The applets which will use root rights if they have them
+ (via suid bit, or because run by root), but would try to work
+ without root right nevertheless:
+ findfs, ping[6], traceroute[6], mount.
+
+ Note that if you DONT select this option, but DO make busybox
+ suid root, ALL applets will run under root, which is a huge
+ security hole (think "cp /some/file /etc/passwd").
config FEATURE_SUID_CONFIG
bool "Runtime SUID/SGID configuration via /etc/busybox.conf"