Ticket #35 (closed defect: invalid)

Opened 6 years ago

Last modified 6 years ago

SUID files flying around after build

Reported by: tg Assigned to: wbx
Priority: critical Milestone: 1.0
Component: build system Version: trunk
Keywords: Cc:

Description

I have the following files lying around:

build_mipsel/fuse-2.5.2/ipkg-install/usr/bin/fusermount build_mipsel/fuse-2.5.2/ipkg/fuse-utils/usr/bin/fusermount build_mipsel/linux-2.4-brcm/root/bin/busybox

All these three files are suid myself, which is a bad thing, even if the host system doesn't normally execute executables for the target system (binfmt_misc of Linux comes to mind).

Please change the build system to never have suid or sgid executables lying around or deleting them immediately. If they have to be created temporarily, prevent traversing by putting them into a 0700 directory.

Attachments

Change History

10/10/06 14:34:48 changed by wbx

  • status changed from new to assigned.

10/28/06 15:53:42 changed by wbx

  • status changed from assigned to closed.
  • resolution set to invalid.

The executables are cross-compiled and not executable on your host system. If we ever have a x86 port, you can reopen this ticket.

Add/Change #35 (SUID files flying around after build)




Action