From 3b5acaa4323bd165077e60098af94ad9750d62fd Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 18 Jan 2011 13:52:48 +0100
Subject: disable automatic selection of FEATURE_SUID; improve its help text

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 Config.in | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'Config.in')

diff --git a/Config.in b/Config.in
index 140572e2d..1109b1016 100644
--- a/Config.in
+++ b/Config.in
@@ -328,10 +328,18 @@ config FEATURE_SUID
 	  symlinks pointing to each binary), and only set the suid bit on the
 	  one that needs it.
 
-	  The applets currently marked to need the suid bit are:
-
-	  crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
-	  traceroute, vlock.
+	  The applets which require root rights (need suid bit or
+	  to be run by root) and will refuse to execute otherwise:
+	  crontab, login, passwd, su, vlock, wall.
+
+	  The applets which will use root rights if they have them
+	  (via suid bit, or because run by root), but would try to work
+	  without root right nevertheless:
+	  findfs, ping[6], traceroute[6], mount.
+
+	  Note that if you DONT select this option, but DO make busybox
+	  suid root, ALL applets will run under root, which is a huge
+	  security hole (think "cp /some/file /etc/passwd").
 
 config FEATURE_SUID_CONFIG
 	bool "Runtime SUID/SGID configuration via /etc/busybox.conf"
-- 
cgit v1.2.3