From 138791050d36d221d718568094892245d7c6f6ec Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Thu, 26 Aug 2004 23:13:00 +0000 Subject: Improve the setuid situation a bit, and make it more apparent when people really ought to make busybox setuid root. -Erik --- Makefile | 10 ++++++++++ loginutils/Config.in | 16 ++++++++++++++++ miscutils/Config.in | 3 +++ 3 files changed, 29 insertions(+) diff --git a/Makefile b/Makefile index 8afd698..29897ef 100644 --- a/Makefile +++ b/Makefile @@ -57,6 +57,16 @@ busybox.links: applets/busybox.mkll include/config.h install: applets/install.sh busybox busybox.links $(SHELL) $< $(PREFIX) +ifeq ($(strip $(CONFIG_FEATURE_SUID)),y) + @echo + @echo + @echo -------------------------------------------------- + @echo You will probably need to make your busybox binary + @echo setuid root to ensure all configured applets will + @echo work properly. + @echo -------------------------------------------------- + @echo +endif uninstall: busybox.links rm -f $(PREFIX)/bin/busybox diff --git a/loginutils/Config.in b/loginutils/Config.in index d9938b0..5619aa9 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in @@ -69,9 +69,13 @@ config CONFIG_FEATURE_U_W_TMP config CONFIG_LOGIN bool "login" default n + select CONFIG_FEATURE_SUID help login is used when signing onto a system. + Note that Busybox binary must be setuid root for this applet to + work properly. + config CONFIG_FEATURE_SECURETTY bool " Support for /etc/securetty" default y @@ -84,19 +88,27 @@ config CONFIG_FEATURE_SECURETTY config CONFIG_PASSWD bool "passwd" default n + select CONFIG_FEATURE_SUID help passwd changes passwords for user and group accounts. A normal user may only change the password for his/her own account, the super user may change the password for any account. The administrator of a group may change the password for the group. + Note that Busybox binary must be setuid root for this applet to + work properly. + config CONFIG_SU bool "su" default n + select CONFIG_FEATURE_SUID help su is used to become another user during a login session. Invoked without a username, su defaults to becoming the super user. + Note that Busybox binary must be setuid root for this applet to + work properly. + config CONFIG_SULOGIN bool "sulogin" default n @@ -107,9 +119,13 @@ config CONFIG_SULOGIN config CONFIG_VLOCK bool "vlock" default n + select CONFIG_FEATURE_SUID help Build the "vlock" applet which allows you to lock (virtual) terminals. + Note that Busybox binary must be setuid root for this applet to + work properly. + comment "Common options for adduser, deluser, login, su" depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU diff --git a/miscutils/Config.in b/miscutils/Config.in index 3c92c46..77e13e8 100644 --- a/miscutils/Config.in +++ b/miscutils/Config.in @@ -15,6 +15,7 @@ config CONFIG_ADJTIMEX config CONFIG_CROND bool "crond" default n + select CONFIG_FEATURE_SUID help Crond is a background daemon that parses individual crontab files and executes commands on behalf of the users in question. @@ -23,6 +24,8 @@ config CONFIG_CROND $ cat /var/spool/cron/crontabs/root # Run daily cron jobs at 4:40 every day: 40 4 * * * /etc/cron/daily > /dev/null 2>&1 + Note that Busybox binary must be setuid root for this applet to + work properly. config CONFIG_FEATURE_CROND_CALL_SENDMAIL bool " Using /usr/sbin/sendmail?" -- cgit v1.1