X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@lists.alpinelinux.org
Received: from mail-vx0-f194.google.com (mail-vx0-f194.google.com [209.85.220.194])
	by lists.alpinelinux.org (Postfix) with ESMTP id CBC991EBFFA
	for <alpine-devel@lists.alpinelinux.org>; Fri, 11 Mar 2011 22:53:48 +0000 (UTC)
Received: by vxc33 with SMTP id 33so658305vxc.1
        for <alpine-devel@lists.alpinelinux.org>; Fri, 11 Mar 2011 14:53:47 -0800 (PST)
Received: by 10.52.100.65 with SMTP id ew1mr4159450vdb.44.1299884027457;
        Fri, 11 Mar 2011 14:53:47 -0800 (PST)
Received: from petrie (99-32-97-100.uvs.tulsok.sbcglobal.net [99.32.97.100])
        by mx.google.com with ESMTPS id cq4sm1174598vdb.37.2011.03.11.14.53.46
        (version=SSLv3 cipher=OTHER);
        Fri, 11 Mar 2011 14:53:47 -0800 (PST)
Date: Fri, 11 Mar 2011 16:54:58 -0600
From: William Pitcock <nenolod@dereferenced.org>
To: Natanael Copa <ncopa@alpinelinux.org>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] busybox and suid root apps (ping traceroute etc)
Message-ID: <20110311165458.3d76c00a@petrie>
In-Reply-To: <20110307153845.5371fd22@ncopa-desktop.nor.wtbts.net>
References: <20110307153845.5371fd22@ncopa-desktop.nor.wtbts.net>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.24.0; x86_64-unknown-linux-gnu)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Mon, 7 Mar 2011 15:38:45 +0100
Natanael Copa <ncopa@alpinelinux.org> wrote:

> Hi,
> 
> I would like to hear about how you think we should solve:
> http://redmine.alpinelinux.org/issues/527
> 
> Problem: both iputils and bbsuid provides a /bin/ping binary (which
> needs to be suid root). iputils has a replaces=bbsuid so it replaces
> the busybox ping. But when you upgrade and new version of bbsuid
> exists you will get a conflict since /bin/ping now is owned by
> iputils.
> 
> Alternatives:
> 1) Do nothing. Let upgraders 'apk del iputils' before upgrade and apk
> add iputils again after upgrade.
> 
> 2) let bbsuid replace iputils. This will make the upgrade of bbsuid
> silently overwrite iputils' /bin/ping.
> 
> 3) let busybox run as suid root and delete the bbsuid application
> 
> 4) let bbsuid post-install script create symlinks the same way as
> busybox does.
> 

i think #4 is the preferable solution here.

- nenolod


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---