Mail archive
alpine-devel

[alpine-devel] busybox and suid root apps (ping traceroute etc)

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Mon, 7 Mar 2011 15:38:45 +0100

Hi,

I would like to hear about how you think we should solve:
http://redmine.alpinelinux.org/issues/527

Problem: both iputils and bbsuid provides a /bin/ping binary (which
needs to be suid root). iputils has a replaces=bbsuid so it replaces
the busybox ping. But when you upgrade and new version of bbsuid exists
you will get a conflict since /bin/ping now is owned by iputils.

Alternatives:
1) Do nothing. Let upgraders 'apk del iputils' before upgrade and apk
add iputils again after upgrade.

2) let bbsuid replace iputils. This will make the upgrade of bbsuid
silently overwrite iputils' /bin/ping.

3) let busybox run as suid root and delete the bbsuid application

4) let bbsuid post-install script create symlinks the same way as
busybox does.


I think #3 is the technical "correct" solution, but running entire
busybox as suid root scares me (which is why bbsuid exists in first
place).

The same problem applies to traceroute.

Do we have other alternatives?

What do you think?

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Mon Mar 07 2011 - 15:38:45 UTC