Reply
Thread Tools
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#221
Originally Posted by reinob View Post
I'm not sure I want to update. I actually prefer having a std. /bin/busybox and a suid /bin/busybox_root.

I mean, if using PING (among others) requires root priviledges, why should busybox bypass this? we can all use sudo when required.
Because it is common to make ping (and some others) setuid on a typical Linux installation. For example, Archlinux (which I'm using) has /bin/ping setuid root. Only thing is that we have BusyBox providing those typically setuid applications, which is perfectly fine since BusyBox supports automatically dropping privileges when they're not required.

Originally Posted by reinob View Post
Apparently there are good security reasons why TMPDIR and other env. vars are not inherited from suid binaries, and this is the standard behaviour in glibc, i.e. not considered a bug. I don't see why busybox also has to bypass this behaviour.
The new patch doesn't make BusyBox bypass the behaviour; that can not be done by glibc' design. It only makes BusyBox parse a key-value list of variables, and set just those variables that are not already set. The list only contains TMPDIR by default.
There are no security implications with this behaviour AFAIK, as the environment variables are still not inherited and non-root users can't edit the key-value list of variables.

Originally Posted by reinob View Post
Aside from personal opinions or preferences, are there any *actual* problems caused by (1) having a separate suid busybox_root, and (2) leaving the TMPDIR behaviour as it is/was?
There shouldn't be any problems at all. However, applications can assume that all applets are provided by /bin/busybox, which will of course fail when an applet is moved to /bin/busybox_root (regardless of whether that applet is correctly symlinked to /bin/foo or not). This is currently the case with BackupMenu's root shell functionality.

Also, having one single binary is easier to maintain and cleaner in my opinion, which are the main reasons for taking the current approach to me.

Originally Posted by reinob View Post
Would be happy to get an answer to the last question. Otherwise I might just stay with 1.19.3-power1, or do my own busybox, or get rid of busybox completely.
Just a suggestion: if ping is the only setuid application you're using, you could just run `chmod u-s /bin/busybox` and install iputils-ping, that seems to be easier .

By the way, lma also had a good idea regarding this topic: split busybox into busybox and busybox_root, and make busybox exec busybox_root when it is invoked with e.g. ping. I'll certainly look into that, but it might take a while before I'll get around to that (patches are welcome of course).

--

Edit: forgot to mention: busybox-power 1.19.3power4 should hit extras-testing in an hour or so. Please submit it to some serious testing!

Last edited by iDont; 2012-01-16 at 18:45.
 

The Following 4 Users Say Thank You to iDont For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#222
iDont, could You check this:
http://talk.maemo.org/showthread.php?t=81613&page=4
...? It seems, that some things were changed in dd between stock busybox, and busybox-power. It wasn't tested by me, but people using busybox-power have problems with u-boot, where others are fine.

I'm sure Pali will incorporate some fix for that on u-boot side, but, maybe it's also something important for busybox to consider?

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following 2 Users Say Thank You to Estel For This Useful Post:
Posts: 1,100 | Thanked: 2,797 times | Joined on Apr 2011 @ Netherlands
#223
Originally Posted by Estel View Post
iDont, could You check this:
http://talk.maemo.org/showthread.php?t=81613&page=4
...? It seems, that some things were changed in dd between stock busybox, and busybox-power. It wasn't tested by me, but people using busybox-power have problems with u-boot, where others are fine.

I'm sure Pali will incorporate some fix for that on u-boot side, but, maybe it's also something important for busybox to consider?

/Estel
It's just a flag that is not supported by the stock busybox nor busybox power and will result in an error in both cases. So I can't image that is was fine with people using the stock busybox. Errors where redirected to /dev/null in this case, so maybe not everybody saw the error.

Try some test commands if you are in any doubt.

Code:
BusyBox v1.10.2 (Debian 3:1.10.2.legal-1osso30+0m5) multi-call binary

Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N]
        [seek=N]
Code:
BusyBox v1.19.3 (Debian 1.19.3power4) multi-call binary.

Usage: dd [if=FILE] [of=FILE] [ibs=N] [obs=N] [bs=N] [count=N] [skip=N]
        [seek=N] [conv=notrunc|noerror|sync|fsync]

Copy a file with converting and formatting

        if=FILE         Read from FILE instead of stdin
        of=FILE         Write to FILE instead of stdout
        bs=N            Read and write N bytes at a time
        ibs=N           Read N bytes at a time
        obs=N           Write N bytes at a time
        count=N         Copy only N input blocks
        skip=N          Skip N input blocks
        seek=N          Skip N output blocks
        conv=notrunc    Don't truncate output file
        conv=noerror    Continue after read errors
        conv=sync       Pad blocks with zeros
        conv=fsync      Physically write data out before finishing

Numbers may be suffixed by c (x1), w (x2), b (x512), kD (x1000), k (x1024),
MD (x1000000), M (x1048576), GD (x1000000000) or G (x1073741824)
 

The Following 2 Users Say Thank You to ade For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#224
Thanks, ade. It's just that after "half-year" unreported bug with backupmenu root console and busybox, I'm preferring to report early (and possibly wrong), rather than not reporting at all

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following 3 Users Say Thank You to Estel For This Useful Post:
Posts: 195 | Thanked: 96 times | Joined on May 2011
#225
i have updated busybox-power and i have no problems with stability nor multiboot
 

The Following 2 Users Say Thank You to Seker_94 For This Useful Post:
Posts: 1,523 | Thanked: 1,997 times | Joined on Jul 2011 @ not your mom's FOSS basement
#226
Why is the command "Free Rootfs" of desktop command execution widget
Code:
df -h | awk '$1 == "rootfs" {print $4"B"}'
not working when upgrading from stock busybox?
 

The Following 3 Users Say Thank You to don_falcone For This Useful Post:
Posts: 48 | Thanked: 32 times | Joined on Dec 2010 @ Russia, Moscow
#227
Originally Posted by Hurrian View Post
Hmm, it's still probably a valid concern for the Maemo community.

We're running an ancient version of e2fsprogs (1.41.3/2008 Oct 12) which is 12 stable versions behind the latest version (1.42/2011 Nov 29).

e2fsprogs-power tiem?
e2fsck-static from Wheezy does the job perfectly, segfaults at pass 3A on a damaged ext4 are gone.

I don't think it should be included in busybox-power
 

The Following 4 Users Say Thank You to Bad_Habit For This Useful Post:
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#228
Originally Posted by Estel View Post
iDont, could You check this:
http://talk.maemo.org/showthread.php?t=81613&page=4
...? It seems, that some things were changed in dd between stock busybox, and busybox-power. It wasn't tested by me, but people using busybox-power have problems with u-boot, where others are fine.

I'm sure Pali will incorporate some fix for that on u-boot side, but, maybe it's also something important for busybox to consider?

/Estel
Thanks for the pointer. However, ade seems to be right on this one, i.e. not caused by busybox-power. I've notified pali about the unsupported parameters.

Originally Posted by don_falcone View Post
Why is the command "Free Rootfs" of desktop command execution widget
Code:
df -h | awk '$1 == "rootfs" {print $4"B"}'
not working when upgrading from stock busybox?
Thanks for reporting. That must be because we ignore the rootfs entry in df's output as per this commit. Next busybox-power release will have this fixed (*click*).
 

The Following 2 Users Say Thank You to iDont For This Useful Post:
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#229
Originally Posted by don_falcone View Post
Why is the command "Free Rootfs" of desktop command execution widget
Code:
df -h | awk '$1 == "rootfs" {print $4"B"}'
not working when upgrading from stock busybox?
Beacuse the entry for rootfs reads "ubi0:rootfs"

So you need:

Code:
df -h | awk '$1 == "ubi0:rootfs" {print $4"B"}'
Does the stock busybox/df show only "rootfs"?

In any case, with:
Code:
df -h | awk '$1 ~ "rootfs" {print $4"B"}'
it should work as long as "rootfs" appears in the first field.

Add.: cat /proc/mounts shows "rootfs" AND "ubi0:rootfs". Busybox/df skips "rootfs", but still shows "ubi0:rootfs", so as a workaround it's OK. Don't know why coreutils/df might want to skip rootfs. Doesn't make any sense to me..

Last edited by reinob; 2012-01-18 at 07:56.
 

The Following 3 Users Say Thank You to reinob For This Useful Post:
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#230
Thanks for providing an alternative command, reinob

Originally Posted by reinob View Post
Don't know why coreutils/df might want to skip rootfs. Doesn't make any sense to me..
libbb/Config.src provides some insight:
config FEATURE_SKIP_ROOTFS
bool "Skip rootfs in mount table"
default y
help
Ignore rootfs entry in mount table.

In Linux, kernel has a special filesystem, rootfs, which is initially
mounted on /. It contains initramfs data, if kernel is configured
to have one. Usually, another file system is mounted over / early
in boot process, and therefore most tools which manipulate
mount table, such as df, will skip rootfs entry.

However, some systems do not mount anything on /.
If you need to configure busybox for one of these systems,
you may find it useful to turn this option off to make df show
initramfs statistics.

Otherwise, choose Y.
 

The Following 3 Users Say Thank You to iDont For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 18:47.