SUID Handling in busybox 0.61

Because tinylogin was merged into busybox 0.61, it became necessary for busybox to support SUID and SGID handling.

This has been implemented in a generic way, so every applet is able support it. Since the tinylogin way of using SUID priviledges is very limited, the busybox version has been extended to support three different flavors:

  1. No SUID/SGID handling at all:
    priviledges are always dropped.
  2. Compile time configuration (CONFIG_FEATURE_SUID)
    this is the same as in tinylogin: every applet has a flag, that states wether this applet to be run SUID root (!)
  3. Runtime configuration via /etc/busybox.conf (CONFIG_FEATURE_SUID_CONFIG)
    On every invocation of an applet, busybox checks if it finds a corresponding entry in /etc/busybox.conf regarding SUID handling. If no entry is found, busybox uses the compile time configuration (see 2.).

Format of /etc/busybox.conf:

The file has to be owned by user root, group root and has to be writeable only by root (chown 0.0; chmod 600;). The content is INI style like:

This way, it is easily understood by users and busybox developers can easily add new configuration options. Blank lines are ignored and everthing to the right of a "#" character is treated as a comment.

The SUID handling code only parses the "[SUID]" group. Every line in this group has the following syntax:

<applet> = [Ssx-][Ssx-][x-] (<username>|<uid>).(<groupname>|<gid>)

The three [Ssx-] flags following the applet name are just like the corresponding s/x flag in a ls -l directory listing (user, group, all).

The username/uid and groupname/gid fields are optional and default both to root/0

su = ssx root.0 # applet su can be run by anyone and runs with euid=0/egid=0
su = ssx        # exactly the same

mount = sx- root.disk # applet mount can be run by root and members of group disk
                      # and runs with euid=0

cp = --- # disable applet cp for everyone

Author: Robert 'sandman' Griebl