Busybox runtime restrictions

Rob Landley rob at landley.net
Mon Feb 13 17:30:06 UTC 2006


On Sunday 12 February 2006 16:02, Michael S. Zick wrote:
> Group,
>
> Pardon a newbie question but I am either very
> confused or there is something missing...

The "something missing" is that busybox needs a real sudo applet.

> My test setup:
>
> A group name: 'users'
> A non-privileged user: vsguest
> The user 'vsguest' is a member of the group 'users'.
>
> The busybox runtime restriction file '/etc/busybox.conf'
> contains only the '[SUID]' section header.

You read the menuconfig help for CONFIG_FEATURE_SUID_CONFIG, right?  (Seems to 
be the only documentation we have on the subject.)

New todo item: collate configuration help, BusyBox.html, 
examples/bootfloppy/*.txt, examples/udhcp/*.txt, the existing online FAQs, 
the README...

> Test part 1:
>
> login vsguest
> <password>
>
> Make a test file: 'touch junk'
> Try to change the file mode: 'chmod 755 junk'
>
> response:
> chmod: junk: Operation not permitted
> (I.E: correct as I understand it)

Um, who owns "junk"?  If vsguest owns it, vsguest should be able to modify it.  
(This is chmod, not chown...)

> logout from vsguest;
>
> Test part 2:
>
> Append the following line to /etc/busybox.conf:
> 'chmod = ssx root.users'
>
> login vsguest
> <password>
>
> Try to change the file mode: 'chmod 755 junk'
> Works as expected.
> (I.E: correct as I understand it)
>
> The problem:
>
> chmod 755 /bin/busybox
> Works!

You said they can run chmod as root.  That's what running chmod as root does.

> But of course, that turns off the ability of
> busybox supporting suid.
>
> Also, a similar thing can be done to /etc/busybox.conf
>
> With that control line, the regular user can trash
> the installation.

Sounds about right.

> Without that control line, the regular user can not
> change mode or ownership of their own files.

If they can't chmod, that's a bug.  If they can't chown, that's working as 
designed.  (Giving away your own files to somebody else has security 
implications, Linux doesn't allow it.)

> The question:
> Is this the intended behavior, a bug, or cockpit error
> on my part?

From current cvs:

landley at driftwood:~/busybox$ ls -l woot.sh
-rw-r--r--  1 landley landley 5954 Feb 11 18:34 woot.sh
landley at driftwood:~/busybox$ ./busybox chmod +x woot.sh
landley at driftwood:~/busybox$ ls -l woot.sh
-rwxr-xr-x  1 landley landley 5954 Feb 11 18:34 woot.sh
landley at driftwood:~/busybox$         

The rest sounds like pilot error, but I haven't looked that closely.

> Presuming no cockpit error:
>
> I suggest the addition of another pair field to the control
> line.  Also the recognition of a wildcard ('*') for those fields.

We need support for real sudo as an applet.  I'd rather implement that than 
extend the halfway thing we've got now.

Rob
-- 
Steve Ballmer: Innovation!  Inigo Montoya: You keep using that word.
I do not think it means what you think it means.
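
Added example (not part of the original message and not BusyBox code): a small Python audit of the [SUID] section that flags entries like the 'chmod = ssx root.users' line discussed above, where an applet that can rewrite file modes or contents runs with root's effective uid for non-root callers. It assumes the field layout 'APPLET = [Ssx-][Ssx-][x-] USER.GROUP' with the owner defaulting to root.0 when omitted; the audit() name, the FILE_WRITERS list and the sample config are constructed for illustration.

```python
# Applets that can change modes, ownership or contents of arbitrary files
# when they run as root (illustrative list, an assumption of this example).
FILE_WRITERS = {"chmod", "chown", "chgrp", "cp", "mv", "rm", "ln", "dd",
                "sed", "tar", "vi"}

# Constructed sample config; line 2 is the entry from the thread.
SAMPLE = """\
[SUID]
chmod = ssx root.users
chown = sx- root.users
su = ssx root.0
cp = ---
"""

def audit(conf_text):
    """Return (line number, applet, who may run it) for risky root entries."""
    findings, in_suid = [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("["):                 # section header
            in_suid = line.upper() == "[SUID]"
            continue
        if not in_suid or "=" not in line:
            continue
        applet, _, rhs = (p.strip() for p in line.partition("="))
        fields = rhs.split()
        if not fields or len(fields[0]) != 3:
            findings.append((lineno, applet, "unparsed"))
            continue
        u, g, o = fields[0]                      # user / group / other
        owner = fields[1] if len(fields) > 1 else "root.0"  # assumed default
        user, _, group = owner.partition(".")
        if u not in "sS" or user not in ("root", "0"):
            continue                             # applet does not gain root
        if o == "x":
            who = "anyone"
        elif g in "sx":
            who = "group " + group
        else:
            continue                             # only the owner may run it
        if applet in FILE_WRITERS:
            findings.append((lineno, applet, who))
    return findings

if __name__ == "__main__":
    for lineno, applet, who in audit(SAMPLE):
        print(f"line {lineno}: {applet} runs as root for {who}")
```
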


