Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#26312 - [busybox] SETUID
Attached to Project:
Community Packages
Opened by Sverd Johnsen (sjohnsen) - Thursday, 06 October 2011, 23:53 GMT
Last edited by Sergej Pupykin (sergej) - Sunday, 16 October 2011, 17:26 GMT
Opened by Sverd Johnsen (sjohnsen) - Thursday, 06 October 2011, 23:53 GMT
Last edited by Sergej Pupykin (sergej) - Sunday, 16 October 2011, 17:26 GMT
|
DetailsVerified a claim on IRC that busybox is setuid. If that was intentional: very bad idea. Please use namcap on packages - it's there for a reason.
I hope that no one reported this earlier just because nobody is using it, luckily it's only the community version.. |
This task depends upon
Closed by Sergej Pupykin (sergej)
Sunday, 16 October 2011, 17:26 GMT
Reason for closing: Fixed
Additional comments about closing: both this and FS#25999 by saving access rights during package
update.
Sunday, 16 October 2011, 17:26 GMT
Reason for closing: Fixed
Additional comments about closing: both this and
FS#25999?I would still much prefer when busybox would ship with a .INSTALL file that basically says "chmod 4555 /bin/busybox if you want to use feature xyz" rather than shipping it with setuid by default.
I make a wild guess and assume that most people just use it casually or for recovery purposes (It's statically linked, after all.) and don't need/want it to be setuid by default given how long Busybox has been without this.