Linux
busybox
webOS
Raspberrypi3

Observing webOS Open Source Edition (2)

In the busybox experiment the other day I found that commands such as ping only work if the SUID bit is set on the binary.
Timely enough, while looking inside webOS I noticed that it ships two copies of busybox for exactly this reason, so I am leaving a note.

busybox

There are two busybox binaries: one is nosuid, the other is suid. The plain busybox name is a symbolic link to the nosuid one. Note the sizes: the setuid binary is about a tenth of the size of the normal one, because it is built with only the handful of applets that need root.

root@raspberrypi3:~# ls -l /bin/busybox*
lrwxrwxrwx    1 root     root            14 Apr  3  2018 /bin/busybox -> busybox.nosuid
-rwxr-xr-x    1 root     root        404688 Apr  3  2018 /bin/busybox.nosuid
-rwsr-xr-x    1 root     root         43168 Apr  3  2018 /bin/busybox.suid

The applets contained in the nosuid busybox are as follows.

root@raspberrypi3:~# /bin/busybox.nosuid 
BusyBox v1.24.1 (2018-04-03 01:11:57 UTC) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list
   or: function [arguments]...

    BusyBox is a multi-call binary that combines many common Unix
    utilities into a single executable.  Most people will create a
    link to busybox for each function they wish to use and BusyBox
    will act like whatever it was invoked as.

Currently defined functions:
    [, [[, addgroup, adduser, ar, ash, awk, basename, bash, blkid, cat, chattr, chgrp,
    chmod, chown, chroot, chvt, clear, cmp, cp, cpio, cut, date, dc, dd, deallocvt,
    delgroup, deluser, df, diff, dirname, dmesg, dnsdomainname, du, dumpkmap,
    dumpleases, echo, egrep, env, expr, false, fatattr, fbset, fdisk, fgrep, find,
    flock, free, fsck, fsck.minix, fstrim, fuser, getopt, getty, grep, groups, halt,
    head, hexdump, hostname, hwclock, i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig,
    ifdown, ifup, insmod, ip, kill, killall, klogd, less, ln, loadfont, loadkmap,
    logger, logname, logread, losetup, ls, lsmod, md5sum, microcom, mkdir, mkfifo,
    mkfs.minix, mknod, mkswap, mktemp, modprobe, more, mount, mv, nc, netstat, nohup,
    nslookup, od, openvt, patch, pidof, pivot_root, poweroff, printf, ps, pwd, rdate,
    readlink, realpath, reboot, renice, reset, resize, rfkill, rm, rmdir, rmmod, route,
    run-parts, sed, seq, setconsole, sh, sha1sum, sha256sum, sha3sum, shuf, sleep, sort,
    start-stop-daemon, stat, strings, stty, sulogin, swapoff, swapon, switch_root, sync,
    sysctl, syslogd, tail, tar, tee, telnet, test, tftp, time, top, touch, tr, true,
    truncate, tty, tzset, udhcpd, uevent, umount, uname, uniq, unlink, unzip, uptime,
    users, usleep, vi, watch, wc, wget, which, who, whoami, xargs, yes

The applets contained in the busybox with the SUID bit set are as follows.

root@raspberrypi3:~# /bin/busybox.suid 
BusyBox v1.24.1 (2018-04-03 01:11:05 UTC) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list
   or: function [arguments]...

    BusyBox is a multi-call binary that combines many common Unix
    utilities into a single executable.  Most people will create a
    link to busybox for each function they wish to use and BusyBox
    will act like whatever it was invoked as.

Currently defined functions:
    login, passwd, ping, ping6, su, traceroute, vlock

Splitting the binary this way avoids lowering the security level by giving the SUID bit to applets that do not need it: the setuid-root image carries only the seven applets that genuinely need root (raw sockets for ping, ping6 and traceroute; the shadow file and credential switching for login, passwd, su and vlock), while everything else, including sh, mount, vi, wget and nc, runs from the non-setuid binary that the plain busybox name points to. A single setuid busybox could also be built to drop privileges in applets that do not need them (its FEATURE_SUID build option), but with a separate, smaller setuid binary the code of the unneeded applets is not even present in the privileged image, and there is no privilege-dropping logic to get wrong. A useful reference.
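When checking a firmware image for the same property, the thing to verify is that every applet link resolving to a setuid busybox is one that actually needs root, that every applet that does need root points at the setuid binary, and that the generic busybox name is never setuid. The following audit script is an added example, not code from the original post or from webOS; it assumes applets are installed as symlinks under bin/, sbin/, usr/bin/ and usr/sbin/ pointing at a file whose name starts with busybox, and the sample tree built by make_sample_rootfs is constructed here purely for demonstration, with two deliberate mistakes planted for the audit to catch.

```shell
#!/bin/sh
# Added example (not from the original post): audit an extracted root filesystem
# for busybox applet links that resolve to a setuid binary, and check that only
# the applets which genuinely need root point at it.
#
# Assumptions: applets are installed as symlinks under bin/, sbin/, usr/bin/,
# usr/sbin/ pointing at a file whose name starts with "busybox". The tree built
# by make_sample_rootfs is constructed here for demonstration only.

# Applets that legitimately need setuid root: the list /bin/busybox.suid
# reports on the webOS image.
SUID_ALLOWLIST="login passwd ping ping6 su traceroute vlock"

in_allowlist() {
    for _a in $SUID_ALLOWLIST; do
        [ "$_a" = "$1" ] && return 0
    done
    return 1
}

# audit_suid_links ROOT
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
audit_suid_links() {
    _root=$1
    _problems=0
    for _dir in "$_root/bin" "$_root/sbin" "$_root/usr/bin" "$_root/usr/sbin"; do
        [ -d "$_dir" ] || continue
        for _link in "$_dir"/*; do
            [ -L "$_link" ] || continue
            _name=$(basename "$_link")
            _target=$(readlink -f "$_link") || continue
            [ -e "$_target" ] || continue      # dangling link, not our concern here
            case $(basename "$_target") in
                busybox*) ;;                   # only look at busybox applet links
                *) continue ;;
            esac
            if [ "$_name" = busybox ] && [ -u "$_target" ]; then
                # The generic name must never resolve to the setuid binary:
                # "busybox <applet>" would otherwise run every applet as root.
                echo "GENERIC-LINK-SETUID $_link -> $_target"
                _problems=$((_problems + 1))
            elif [ -u "$_target" ] && ! in_allowlist "$_name"; then
                echo "SETUID-NOT-NEEDED $_link -> $_target"
                _problems=$((_problems + 1))
            elif [ ! -u "$_target" ] && in_allowlist "$_name"; then
                echo "SETUID-MISSING $_link -> $_target"
                _problems=$((_problems + 1))
            fi
        done
    done
    [ "$_problems" -eq 0 ]
}

# make_sample_rootfs: build a constructed tree that mimics the two-binary split
# seen on the webOS image, plus two deliberate mistakes for the audit to catch.
make_sample_rootfs() {
    _r=$(mktemp -d)
    mkdir -p "$_r/bin"
    # Stand-ins for the two multi-call binaries; their contents do not matter here.
    printf '#!/bin/sh\nexit 0\n' > "$_r/bin/busybox.nosuid"
    printf '#!/bin/sh\nexit 0\n' > "$_r/bin/busybox.suid"
    chmod 0755 "$_r/bin/busybox.nosuid"
    chmod 4755 "$_r/bin/busybox.suid"          # setuid, as on the real device
    ln -s busybox.nosuid "$_r/bin/busybox"     # generic name -> nosuid, as on webOS
    for _a in sh ls cat mount; do ln -s busybox.nosuid "$_r/bin/$_a"; done
    for _a in login passwd su ping6; do ln -s busybox.suid "$_r/bin/$_a"; done
    ln -s busybox.suid "$_r/bin/vi"            # mistake: an editor running setuid root
    ln -s busybox.nosuid "$_r/bin/ping"        # mistake: ping needs raw sockets, would fail
    echo "$_r"
}

# Usage on a real image: audit_suid_links /path/to/extracted/rootfs
# Self-check:            audit_suid_links "$(make_sample_rootfs)"
```

On a real device the allowlist should be cross-checked against what the setuid binary itself contains, for example `/bin/busybox.suid --list`; any applet in that output that you cannot justify as needing root is a reason to rebuild the suid binary with a smaller configuration rather than to extend the allowlist.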