Commit Graph

1490 Commits

Author SHA1 Message Date
Denys Vlasenko
036585a911 getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.

The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS	FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS	FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS		FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS	FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS	FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS	FEATURE_RUNCON_LONG_OPTIONS

They either had a small number of long options, or their long options are
essential.

Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.

To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
	#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
                /* We try to use --gid, not -g, because "standard" addgroup
                 * has no short option -g, it has only long --gid.
                 */
                argv[1] = (char*)"--gid";
	#else
                /* Breaks if system in fact does NOT use busybox addgroup */
                argv[1] = (char*)"-g";
	#endif

xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.

hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime

Shorten help texts by omitting long option when short opt alternative exists.

Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.

function                                             old     new   delta
getopt32                                            1350      22   -1328
vgetopt32                                              -    1318   +1318
getopt32long                                           -      24     +24
tftpd_main                                           562     567      +5
scan_recursive                                       376     380      +4
collect_cpu                                          545     546      +1
date_main                                           1096    1095      -1
hostname_main                                        262     259      -3
uname_main                                           259     255      -4
setpriv_main                                         362     358      -4
rmdir_main                                           191     187      -4
mv_main                                              562     558      -4
ipcalc_main                                          548     544      -4
ifenslave_main                                       641     637      -4
gzip_main                                            192     188      -4
gunzip_main                                           77      73      -4
fsfreeze_main                                         81      77      -4
flock_main                                           318     314      -4
deluser_main                                         337     333      -4
cp_main                                              374     370      -4
chown_main                                           175     171      -4
applet_long_options                                    4       -      -4
xargs_main                                           894     889      -5
wget_main                                           2540    2535      -5
udhcpc_main                                         2767    2762      -5
touch_main                                           436     431      -5
tar_main                                            1014    1009      -5
start_stop_daemon_main                              1033    1028      -5
sed_main                                             682     677      -5
script_main                                         1082    1077      -5
run_parts_main                                       330     325      -5
rtcwake_main                                         459     454      -5
od_main                                             2169    2164      -5
nl_main                                              201     196      -5
modprobe_main                                        773     768      -5
mkdir_main                                           160     155      -5
ls_main                                              568     563      -5
install_main                                         773     768      -5
hwclock_main                                         411     406      -5
getopt_main                                          622     617      -5
fstrim_main                                          256     251      -5
env_main                                             198     193      -5
dumpleases_main                                      635     630      -5
dpkg_main                                           3991    3986      -5
diff_main                                           1355    1350      -5
cryptpw_main                                         233     228      -5
cpio_main                                            593     588      -5
conspy_main                                         1135    1130      -5
chpasswd_main                                        313     308      -5
adduser_main                                         887     882      -5
addgroup_main                                        416     411      -5
ftpgetput_main                                       351     345      -6
get_terminal_width_height                            242     234      -8
expand_main                                          690     680     -10
static.expand_longopts                                18       -     -18
static.unexpand_longopts                              27       -     -27
mkdir_longopts                                        28       -     -28
env_longopts                                          30       -     -30
static.ifenslave_longopts                             34       -     -34
mv_longopts                                           46       -     -46
static.rmdir_longopts                                 48       -     -48
packed_usage                                       31739   31687     -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840)      Total: -488 bytes
   text	   data	    bss	    dec	    hex	filename
 915681	    485	   6880	 923046	  e15a6	busybox_old
 915428	    485	   6876	 922789	  e14a5	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 17:09:40 +02:00
Denys Vlasenko
00677b5e35 *: fix up use of "getopt_longopts" for longopts not in getopt applet
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 14:59:35 +02:00
Denys Vlasenko
90ad4ba9db ipcalc,rdev: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 00:42:15 +02:00
Denys Vlasenko
ec98e3a628 freeramdisk: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:17:14 +02:00
Denys Vlasenko
ae84418d26 losetup: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:14:49 +02:00
Denys Vlasenko
354b104df1 fatattr: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 22:21:54 +02:00
Denys Vlasenko
1a1203ff89 users,w,who,uptime,renice: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 16:47:34 +02:00
Denys Vlasenko
4dea1edd08 script: -f means "flush", not "fsync"
function                                             old     new   delta
packed_usage                                       31765   31768      +3
script_main                                         1102    1082     -20

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 02:21:34 +02:00
Denys Vlasenko
269b36a49a script: make -t[FILE] compatible with util-linux
function                                             old     new   delta
script_main                                         1056    1102     +46
packed_usage                                       31736   31765     +29
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 75/0)               Total: 75 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 02:12:36 +02:00
Denys Vlasenko
dd55d5d53c script: make -t independent of scriptreplay
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 01:53:17 +02:00
Denys Vlasenko
b9be780705 sv,svc: fix NOEXEC fallout
function                                             old     new   delta
svc_main                                             145     162     +17
sv                                                  1280    1297     +17
status                                               139     133      -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 34/-6)              Total: 28 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 21:23:03 +02:00
Denys Vlasenko
035e71578e readprofile: do not close/free just before exiting
function                                             old     new   delta
readprofile_main                                    1784    1762     -22

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:39:27 +02:00
Denys Vlasenko
277081e0a4 blkdiscard: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:20:47 +02:00
Denys Vlasenko
bf18239e3d blkid: make it NOEXEC, make FEATURE_BLKID_TYPE=y default
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:16:28 +02:00
Denys Vlasenko
3239ab89c9 lspci,lsscsi,lsusb: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:28:19 +02:00
Denys Vlasenko
83a6c8d58b umount: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:21:02 +02:00
Denys Vlasenko
fdb92359e4 pivot_root: make it NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:51:12 +02:00
Denys Vlasenko
9f59849daa blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:29:12 +02:00
Denys Vlasenko
5c527dc57e make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
The applets with "<applet> [opts] PROG ARGS" API very quickly exec
another program, noexec is okay for them:

 chpst/envdir/envuidgid/softlimit/setuidgid
 chroot
 chrt
 ionice
 nice
 nohup
 setarch/linux32/linux64
 taskset
 cttyhack

"reset" and "sulogin" applets don't have this form, but also exec
another program at once, thus made noexec too.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:55:01 +02:00
Denys Vlasenko
6514785f95 mesg: make in NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:16:01 +02:00
Denys Vlasenko
74c05f5b2c chat: trim help text
Noticed while auditing nofork/noexec status

function                                             old     new   delta
packed_usage                                       31777   31747     -30

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:36:16 +02:00
Denys Vlasenko
72d725d7cc getopt: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:30:21 +02:00
Denys Vlasenko
84ea60ed65 line editing: make read_line_input() not take timeout param
It's almost always -1.

function                                             old     new   delta
read_line_input                                     3902    3912     +10
new_line_input_t                                      24      31      +7
pgetc                                                583     585      +2
save_command_ps_at_cur_history                        80      78      -2
read_line                                             76      74      -2
fgetc_interactive                                    246     244      -2
addLines                                              84      82      -2
doCommands                                          2226    2222      -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/5 up/down: 19/-12)              Total: 7 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 17:27:28 +02:00
Denys Vlasenko
95f7953f2c do not use `a' quoting style in comments
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 14:26:33 +02:00
Denys Vlasenko
5b3cbe3a53 config: more tweaking of help texts
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27 14:45:25 +02:00
Denys Vlasenko
e9a5a6985c rdate: tweak comments, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27 14:31:59 +02:00
Denys Vlasenko
8cae43c5d7 swapon: do not use FEATURE_MOUNT_LABEL, have your own FEATURE_SWAPONOFF_LABEL
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27 10:58:08 +02:00
Denys Vlasenko
68b653b66b config: trim/improve item names and help texts, take 2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27 10:53:09 +02:00
Denys Vlasenko
73c47f6c41 volume_id: enable minix detection
function                                             old     new   delta
volume_id_probe_minix                                  -      87     +87
fs2                                                   64      68      +4
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 1/0 up/down: 91/0)               Total: 91 bytes

Patch by wdlkmpx <wdlkmpx@gmail.com>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-25 14:22:08 +02:00
Denys Vlasenko
72089cf6b4 config: deindent all help texts
Those two spaces after tab have no effect, and always a nuisance when editing.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-21 09:50:55 +02:00
Denys Vlasenko
61f9d76ec5 swapon/swapoff: trim config help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-19 14:39:30 +02:00
Denys Vlasenko
ae178cee3d Update remaining menuconfig items with approximate applet sizes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-19 14:32:54 +02:00
Denys Vlasenko
4eed2c6c50 Update menuconfig items with approximate applet sizes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-18 22:01:24 +02:00
Denys Vlasenko
08dfafc437 fix more instances of ": $((a++))" in shell scripts
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15 19:20:45 +02:00
Denys Vlasenko
8ea061eac3 blkdiscard: provide our own BLK[SEC]DISCARD if necessary
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15 13:53:41 +02:00
Denys Vlasenko
ce55284ed6 inetd,mount: do not die if uclibc without RPC is detected
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-10 14:43:22 +02:00
Denys Vlasenko
b0c0b6d5ba setpriv: remove dependency on libcap headers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 17:59:40 +02:00
Denys Vlasenko
2bfe7838ab setpriv: factor out capability name printing
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 16:09:45 +02:00
Denys Vlasenko
cf5748cc89 setpriv: code shrink, and grouping capability code together
function                                             old     new   delta
static.versions                                        -       3      +3
getcaps                                              174     149     -25

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 16:00:07 +02:00
Patrick Steinhardt
6842d00ceb setpriv: allow modifying ambient capabilities
With Linux 4.3, a new set of capabilities has been introduced with the
ambient capabilities. These aim to solve the problem that it was
impossible to grant run programs with elevated privileges across
non-root users. Quoting from capabilities(7):

    This is a set of capabilities that are preserved across an execve(2)
    of a program that is not privileged.  The ambient capability set
    obeys the invariant that no capability can ever be ambient if it is
    not both permitted and inheritable.

With this new set of capabilities it is now possible to run an
executable with elevated privileges as a different user, making it much
easier to do proper privilege separation.

Note though that the `--ambient-caps` switch is not part of any released
version of util-linux, yet. It has been applied in 0c92194ee (setpriv:
support modifying the set of ambient capabilities, 2017-06-24) and will
probably be part of v2.31.

function                                             old     new   delta
parse_cap                                              -     174    +174
setpriv_main                                        1246    1301     +55
.rodata                                           146307  146347     +40
static.setpriv_longopts                               40      55     +15
packed_usage                                       32092   32079     -13

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 02:14:23 +02:00
Patrick Steinhardt
0f49f6f926 setpriv: allow modifying inheritable caps
The main use case of setpriv is to modify the current state of
privileges available to the calling process and spawn a new executable
with the modified, new state. Next to the already supported case of
modifying the no-new-privs flag, util-linux also supports to modify
capability sets.

This commit introduces to add or drop capabilities from the set of
inheritable capabilities. Quoting from capabilities(7):

    This is a set of capabilities preserved across an execve(2).
    Inheritable capabilities remain inheritable when executing any
    program, and inheritable capabilities are added to the permitted set
    when executing a program that has the corresponding bits set in the
    file inheritable set.

As such, inheritable capabilities enable executing files with certain
privileges if the file itself has these privileges set. Note though that
inheritable capabilities are dropped across execve when running as a
non-root user.

function                                             old     new   delta
getcaps                                                -     237    +237
setpriv_main                                        1129    1246    +117
.rodata                                           146198  146307    +109
static.setpriv_longopts                               29      40     +11
packed_usage                                       32107   32092     -15

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 01:59:45 +02:00
Patrick Steinhardt
5e0987405c setpriv: dump ambient capabilities
As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.

function                                             old     new   delta
setpriv_main                                         982    1129    +147
.rodata                                           146148  146198     +50

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 23:02:33 +02:00
Patrick Steinhardt
f34c701fa8 setpriv: dump capability bounding set
As with the previous commit, this one implements the ability to dump the
capability bounding set.

function                                             old     new   delta
setpriv_main                                         838     982    +144
.rodata                                           146101  146148     +47

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:59:23 +02:00
Patrick Steinhardt
ad63102943 setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.

By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.

To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:

function                                             old     new   delta
.rodata                                           145969  146405    +436
setpriv_main                                         467     842    +375
capabilities                                           -     304    +304

And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:

function                                             old     new   delta
setpriv_main                                         467     838    +371
.rodata                                           145969  146101    +132

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
Patrick Steinhardt
10c53b85c9 setpriv: dump no-new-privs info
Introduce the ability to dump the state of the no-new-privs flag, which
states whethere it is allowed to grant new privileges.

function                                             old     new   delta
setpriv_main                                         419     467     +48
.rodata                                           145926  145969     +43

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:27:22 +02:00
Denys Vlasenko
6798486141 setpriv: dump user and group info
setpriv from util-linux has an option to dump the current state
regarding privilege settings via '--dump'. It prints out information on
the real and effective user and group IDs, supplementary groups, the
no-new-privs flag, the capability sets as well as secure bits.

This patch is the start of supporting this mode. To make introduction of
the '--dump' easier to reason about, its introduction has been split
into multiple patches. This particular one introduces the ability to
print out user and group information of the current process.

function                                             old     new   delta
setpriv_main                                          89     322    +233
getresuid                                              -      41     +41
getresgid                                              -      41     +41
static.setpriv_longopts                               22      29      +7
packed_usage                                       31675   31669      -6
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6)            Total: 316 bytes

Patch by Patrick Steinhardt <ps@pks.im>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 18:59:11 +02:00
Patrick Steinhardt
6a3bcf340a setpriv: prepare option parsing logic for additional opts
The current option parsing logic of setpriv only supports the case where
we want to execute a sub-program and have at most one argument. Refactor
handling of options to solve these shortcomings to make it easy to
support 'setpriv --dump', which does not accept any additional
arguments, as well as the case where additional options are passed to
setpriv. This is done by handling 'argc' ourselves, throwing an error
when no program is specified, as well as introducing an enum for the
different option bitmasks.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 17:15:32 +02:00
Patrick Steinhardt
d253b557a3 setpriv: do not process remaining args
By default, the 'getopt32' call will continue parsing the command line
even after hitting a non-option string. But in setpriv, this should be
avoided, as all parameters following the initial non-option argument are
in fact arguments to the binary that is to be executed by setpriv.
Otherwise, calling e.g. 'busybox setpriv ls -l' would result in an error
due to the unknown parameter "-l".

Fix the issue by passing "+" as the first character in the options
string. This will cause 'getopt32' to stop processing after hitting the
first non-option.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 17:10:31 +02:00
Denys Vlasenko
d4e4fdb5ce fixes for bugs found by make_single_applets.sh
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 21:31:16 +02:00
Denys Vlasenko
45100b8d07 unshare: fix help text; select LONG_OPTS instead depending on them
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-14 16:20:02 +02:00