Date: Mon, 7 Mar 2011 15:38:45 +0100
From: Natanael Copa
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] busybox and suid root apps (ping traceroute etc)
Message-ID: <20110307153845.5371fd22@ncopa-desktop.nor.wtbts.net>

Hi,

I would like to hear about how you think we should solve:
http://redmine.alpinelinux.org/issues/527

Problem: both iputils and bbsuid provide a /bin/ping binary (which needs to be suid root). iputils has a replaces=bbsuid so it replaces the busybox ping. But when you upgrade and a new version of bbsuid exists you will get a conflict since /bin/ping now is owned by iputils.

Alternatives:

1) Do nothing. Let upgraders 'apk del iputils' before upgrade and apk add iputils again after upgrade.

2) Let bbsuid replace iputils. This will make the upgrade of bbsuid silently overwrite iputils' /bin/ping.

3) Let busybox run as suid root and delete the bbsuid application.

4) Let the bbsuid post-install script create symlinks the same way as busybox does.

I think #3 is the technically "correct" solution, but running the entire busybox as suid root scares me (which is why bbsuid exists in the first place).

The same problem applies to traceroute.

Do we have other alternatives? What do you think?

-nc