disable automatic selection of FEATURE_SUID; improve its help text

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2011-01-18 13:52:48 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2011-01-18 13:52:48 +0100
commit: 3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
tree: a16712b4a1f1f8808355c28f7fac76d5148996f4 /Config.in
parent: 094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
download: busybox-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.gz
1 files changed, 12 insertions, 4 deletions
diff --git a/Config.in b/Config.in
index 140572e2d..1109b1016 100644
--- a/Config.in
+++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
 	  symlinks pointing to each binary), and only set the suid bit on the
 	  one that needs it.
 
-	  The applets currently marked to need the suid bit are:
-
-	  crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
-	  traceroute, vlock.
+	  The applets which require root rights (need suid bit or
+	  to be run by root) and will refuse to execute otherwise:
+	  crontab, login, passwd, su, vlock, wall.
+
+	  The applets which will use root rights if they have them
+	  (via suid bit, or because run by root), but would try to work
+	  without root right nevertheless:
+	  findfs, ping[6], traceroute[6], mount.
+
+	  Note that if you DONT select this option, but DO make busybox
+	  suid root, ALL applets will run under root, which is a huge
+	  security hole (think "cp /some/file /etc/passwd").
 
 config FEATURE_SUID_CONFIG
 	bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
author	Denys Vlasenko <vda.linux@googlemail.com>	2011-01-18 13:52:48 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2011-01-18 13:52:48 +0100
commit	3b5acaa4323bd165077e60098af94ad9750d62fd (patch)
tree	a16712b4a1f1f8808355c28f7fac76d5148996f4 /Config.in
parent	094cc51e50bdb877fa4c245dbde47e4dfbf94387 (diff)
download	busybox-3b5acaa4323bd165077e60098af94ad9750d62fd.tar.gz