Mail archive

Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible

From: William Pitcock <>
Date: Sun, 31 May 2015 05:02:50 -0500


On Fri, May 29, 2015 at 8:07 PM, William Pitcock
<> wrote:
> Hello,
> On Fri, May 29, 2015 at 1:10 PM, Orion <> wrote:
>> # Note
>> Trying to get rid of SUID/SGID executables from alpine-mini most likely
>> will intruduce more complexity. I concede that this may not be worth the
>> effort for the alpine-mini ISO as an install medium but as installation
>> options, like choosing between between dropbear and openssh for your
>> ssh daemon.
>> On Fri, 29 May 2015 11:42:31 -0500
>> William Pitcock <> wrote:
>>> As far as I know there's no SUID/SGID enabled packages in alpine-mini
>>> other than bbsuid which we install to proxy only the SUID-needing bits
>>> of busybox.
>> While most likely that is true there are programs that are symbolically
>> linked to /bin/bbsuid and don't strictly have to be.
>> * /bin/ping
>> * /bin/ping6
>> * /usr/bin/traceroute
> I am preparing to push a busybox update which handles this using file
> capabilities as you mention below.

This is now in busybox-1.23.2-r1. I am still investigating how best
to handle migration to a TCB type thing.

bbsuid presently wraps:

const static char * applets[] = {

It may be more interesting to extend capabilities to handle /bin/mount
and /bin/umount, or perhaps, require membership in a staff group to
use those commands. /usr/bin/passwd is handled by TCB and I believe
crontab can be handled by giving the user ownership of their crontab
file. /usr/sbin/su, should of course, be suid.


Received on Sun May 31 2015 - 05:02:50 UTC