disable automatic selection of FEATURE_SUID; improve its help text

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Config.in

@@ -328,10 +328,18 @@ config FEATURE_SUID
 	  symlinks pointing to each binary), and only set the suid bit on the
 	  one that needs it.
 
-	  The applets currently marked to need the suid bit are:
+	  The applets which require root rights (need suid bit or
+	  to be run by root) and will refuse to execute otherwise:
+	  crontab, login, passwd, su, vlock, wall.
 
-	  crontab, dnsd, findfs, ipcrm, ipcs, login, passwd, ping, su,
+	  The applets which will use root rights if they have them
-	  traceroute, vlock.
+	  (via suid bit, or because run by root), but would try to work
+	  without root right nevertheless:
+	  findfs, ping[6], traceroute[6], mount.
+
+	  Note that if you DONT select this option, but DO make busybox
+	  suid root, ALL applets will run under root, which is a huge
+	  security hole (think "cp /some/file /etc/passwd").
 
 config FEATURE_SUID_CONFIG
 	bool "Runtime SUID/SGID configuration via /etc/busybox.conf"

include/applets.src.h

@@ -18,6 +18,8 @@ s     - suid type:
         _BB_SUID_MAYBE: neither of the above
         (every instance of _BB_SUID_REQUIRE and _BB_SUID_MAYBE
         needs to be justified in comment)
+        NB: please update FEATURE_SUID help text whenever you add/remove
+        _BB_SUID_REQUIRE or _BB_SUID_MAYBE applet.
 */
 
 #if defined(PROTOTYPES)

loginutils/Config.src

@@ -186,7 +186,6 @@ config GETTY
 config LOGIN
 	bool "login"
 	default y
-	select FEATURE_SUID
 	select FEATURE_SYSLOG
 	help
 	  login is used when signing onto a system.
@@ -229,7 +228,6 @@ config FEATURE_SECURETTY
 config PASSWD
 	bool "passwd"
 	default y
-	select FEATURE_SUID
 	select FEATURE_SYSLOG
 	help
 	  passwd changes passwords for user and group accounts. A normal user
@@ -265,7 +263,6 @@ config CHPASSWD
 config SU
 	bool "su"
 	default y
-	select FEATURE_SUID
 	select FEATURE_SYSLOG
 	help
 	  su is used to become another user during a login session.
@@ -295,7 +292,6 @@ config SULOGIN
 config VLOCK
 	bool "vlock"
 	default y
-	select FEATURE_SUID
 	help
 	  Build the "vlock" applet which allows you to lock (virtual) terminals.
 

miscutils/Config.src

@@ -170,7 +170,6 @@ config FEATURE_CROND_DIR
 config CRONTAB
 	bool "crontab"
 	default y
-	select FEATURE_SUID
 	help
 	  Crontab manipulates the crontab for a particular user. Only
 	  the superuser may specify a different user and/or crontab directory.

util-linux/Config.src

@@ -361,7 +361,6 @@ config FEATURE_HWCLOCK_ADJTIME_FHS
 config IPCRM
 	bool "ipcrm"
 	default y
-	select FEATURE_SUID
 	help
 	  The ipcrm utility allows the removal of System V interprocess
 	  communication (IPC) objects and the associated data structures
@@ -371,7 +370,6 @@ config IPCS
 	bool "ipcs"
 	default y
 	depends on PLATFORM_LINUX
-	select FEATURE_SUID
 	help
 	  The ipcs utility is used to provide information on the currently
 	  allocated System V interprocess (IPC) objects in the system.