Message ID | 1308148061.25285.1764.camel@phil-desktop |
---|---|
State | New, archived |
Headers | show |
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb index 0b51b25..b73b5b7 100644 --- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb +++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb @@ -9,7 +9,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269" PR = "r6" -SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \ +SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}.tar.bz2 \ file://cvs-20040608.patch;patch=1;pnum=1 \ file://add-system.patch;patch=1;pnum=1 \ file://adduser-empty_pwd.patch;patch=1 \
On Wed, 2011-06-15 at 15:27 +0100, Phil Blundell wrote: > since busybox.net no longer seems to be hosting the tarball > > Signed-off-by: Phil Blundell <philb@gnu.org> > --- > meta/recipes-core/tinylogin/tinylogin_1.4.bb | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb > index 0b51b25..b73b5b7 100644 > --- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb > +++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb > @@ -9,7 +9,7 @@ LICENSE = "GPLv2" > LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269" > PR = "r6" > > -SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \ > +SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}.tar.bz2 \ > file://cvs-20040608.patch;patch=1;pnum=1 \ > file://add-system.patch;patch=1;pnum=1 \ > file://adduser-empty_pwd.patch;patch=1 \ Merged to master, thanks. Longer term, I wonder if we could make this recipe download and build busybox but only build the getty/login parts and rename the resulting static binary to be standalone from busybox itself? That would likely address the concerns people (rightly IMO) have about making busybox itself SUID... Cheers, Richard
On Thu, 2011-07-07 at 11:29 +0100, Richard Purdie wrote: > Longer term, I wonder if we could make this recipe download and build > busybox but only build the getty/login parts and rename the resulting > static binary to be standalone from busybox itself? > > That would likely address the concerns people (rightly IMO) have about > making busybox itself SUID... I wondered about that too, but I'm still not very convinced that this is a good solution. I continue to feel that having the setuid login-related pieces as a separate source package is the best approach and I've never entirely understood why the busybox folks have been so determined to deprecate tinylogin in favour of the rolled-up version. Just to recap, I think there are five main areas of concern around having login and suchlike be part of busybox: a) the risk that busybox's privilege-dropping code might malfunction and lead to applets being run with more privs than they ought to have; b) the risk that busybox might have vulnerabilities in the code which runs before privileges are dropped; c) the difficulty in auditing the codebase for vulnerabilities: given that any part of busybox can (potentially) call any other function in the executable, it is hard to determine for sure which lines of code might be executed under setuid context and which might not; d) the various pieces of low-level fallout which go with having busybox itself be technically setuid (even if it drops the privileges immediately), for example inability to strace /bin/sh as any user other than root. e) the relatively high level of churn in the busybox codebase, meaning that any audit would need to be repeated frequently I think your proposal would address issues (a), (b), (d), and potentially (e), but it's not obvious to me that there is any way of solving (c) that wouldn't introduce another maintenance headache. And on the downside, I think (although I haven't tested it) that a login-only busybox build would probably end up bigger than the tinylogin binaries that we have today. p.
since busybox.net no longer seems to be hosting the tarball Signed-off-by: Phil Blundell <philb@gnu.org> --- meta/recipes-core/tinylogin/tinylogin_1.4.bb | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)