In the earlier busybox experiment I found that to run a few commands such as ping, the SUID bit has to be set on the binary.
By good timing, while looking inside webOS I noticed that it ships two separate busybox binaries for exactly this reason, so I am leaving a note here.
#busybox
There are two busybox binaries: one is nosuid, the other is suid. The plain busybox is just a symbolic link to the nosuid one.
root@raspberrypi3:~# ls -l /bin/busybox*
lrwxrwxrwx 1 root root 14 Apr 3 2018 /bin/busybox -> busybox.nosuid
-rwxr-xr-x 1 root root 404688 Apr 3 2018 /bin/busybox.nosuid
-rwsr-xr-x 1 root root 43168 Apr 3 2018 /bin/busybox.suid
The commands included in the nosuid busybox are as follows.
root@raspberrypi3:~# /bin/busybox.nosuid
BusyBox v1.24.1 (2018-04-03 01:11:57 UTC) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
or: busybox --list
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, [[, addgroup, adduser, ar, ash, awk, basename, bash, blkid, cat, chattr, chgrp,
chmod, chown, chroot, chvt, clear, cmp, cp, cpio, cut, date, dc, dd, deallocvt,
delgroup, deluser, df, diff, dirname, dmesg, dnsdomainname, du, dumpkmap,
dumpleases, echo, egrep, env, expr, false, fatattr, fbset, fdisk, fgrep, find,
flock, free, fsck, fsck.minix, fstrim, fuser, getopt, getty, grep, groups, halt,
head, hexdump, hostname, hwclock, i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig,
ifdown, ifup, insmod, ip, kill, killall, klogd, less, ln, loadfont, loadkmap,
logger, logname, logread, losetup, ls, lsmod, md5sum, microcom, mkdir, mkfifo,
mkfs.minix, mknod, mkswap, mktemp, modprobe, more, mount, mv, nc, netstat, nohup,
nslookup, od, openvt, patch, pidof, pivot_root, poweroff, printf, ps, pwd, rdate,
readlink, realpath, reboot, renice, reset, resize, rfkill, rm, rmdir, rmmod, route,
run-parts, sed, seq, setconsole, sh, sha1sum, sha256sum, sha3sum, shuf, sleep, sort,
start-stop-daemon, stat, strings, stty, sulogin, swapoff, swapon, switch_root, sync,
sysctl, syslogd, tail, tar, tee, telnet, test, tftp, time, top, touch, tr, true,
truncate, tty, tzset, udhcpd, uevent, umount, uname, uniq, unlink, unzip, uptime,
users, usleep, vi, watch, wc, wget, which, who, whoami, xargs, yes
The commands included in the busybox with the suid bit set are as follows.
root@raspberrypi3:~# /bin/busybox.suid
BusyBox v1.24.1 (2018-04-03 01:11:05 UTC) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
or: busybox --list
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
login, passwd, ping, ping6, su, traceroute, vlock
Splitting it this way avoids lowering the security level by setting the SUID bit on commands that don't need it: only the seven applets that actually require root live in the setuid binary, and everything else runs from the non-setuid one. A useful reference.
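As an added example (not part of the original post and not code from webOS), the script below audits a directory of applet links the way this split invites: it resolves each symlink, checks whether the target has the setuid bit, and flags any applet that reaches a setuid binary but is not in the expected list taken from the busybox.suid output above. It runs against a constructed mock directory so it works offline; the helper names `list_suid_applets`, `audit_suid_applets` and `make_mock_bin` are my own, and on a real device you would point `audit_suid_applets` at `/bin` instead of the mock.

```shell
#!/bin/sh
# Added example: audit which applet symlinks resolve to a setuid BusyBox
# binary and flag anything outside the expected set.

# Applets that the page shows inside busybox.suid. Any other applet that
# resolves to a setuid binary is a finding.
EXPECTED_SUID="login passwd ping ping6 su traceroute vlock"

# list_suid_applets DIR: print the names of symlinks in DIR whose target
# (resolved relative to DIR when the link is relative) has the setuid bit.
list_suid_applets() {
  dir=$1
  for link in "$dir"/*; do
    [ -L "$link" ] || continue
    target=$(readlink "$link")
    case $target in
      /*) ;;                        # absolute target: use as-is
      *) target="$dir/$target" ;;   # relative target: resolve against DIR
    esac
    if [ -u "$target" ]; then       # POSIX test: setuid bit set on target
      basename "$link"
    fi
  done
}

# audit_suid_applets DIR: print every setuid applet not in EXPECTED_SUID;
# return 1 if any were found, 0 if the layout matches the expected split.
audit_suid_applets() {
  dir=$1
  rc=0
  for name in $(list_suid_applets "$dir"); do
    case " $EXPECTED_SUID " in
      *" $name "*) ;;   # allowed: listed in the setuid applet set
      *) echo "UNEXPECTED setuid applet: $name"; rc=1 ;;
    esac
  done
  return $rc
}

# make_mock_bin DIR: constructed stand-in for /bin (not a real image).
# Mirrors the page's layout (busybox -> busybox.nosuid, suid binary mode
# 4755) and deliberately links "cat" to the setuid binary so the audit
# has something to report.
make_mock_bin() {
  dir=$1
  mkdir -p "$dir"
  printf '#!/bin/sh\nexit 0\n' > "$dir/busybox.nosuid"
  printf '#!/bin/sh\nexit 0\n' > "$dir/busybox.suid"
  chmod 0755 "$dir/busybox.nosuid"
  chmod 4755 "$dir/busybox.suid"
  ln -s busybox.nosuid "$dir/busybox"
  for a in ls grep; do ln -s busybox.nosuid "$dir/$a"; done
  for a in ping su passwd; do ln -s busybox.suid "$dir/$a"; done
  ln -s busybox.suid "$dir/cat"   # misconfiguration on purpose
}

# Usage on the constructed mock directory.
tmp=$(mktemp -d)
make_mock_bin "$tmp/bin"
echo "setuid applets: $(list_suid_applets "$tmp/bin" | tr '\n' ' ')"
audit_suid_applets "$tmp/bin" || echo "audit found unexpected setuid applets"
rm -rf "$tmp"
```

The check uses only `readlink` and the POSIX `test -u`, so it runs from the BusyBox shell itself; `EXPECTED_SUID` is the allow-list to maintain whenever the setuid binary's applet set is changed on purpose.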