Decided to not make any flash applets NOEXEC.
Minor robustifications here and there. Better error messages. Save on strings:
function old new delta
ubi_tools_main 1235 1288 +53
ubi_get_volid_by_name 125 133 +8
ubirename_main 198 204 +6
get_num_from_file 90 94 +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 71/0) Total: 71 bytes
text data bss dec hex filename
915696 485 6880 923061 e15b5 busybox_old
915670 485 6880 923035 e159b busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
By the time we reach exit in parent, child already exited or execed.
We should not re-run libc cleanup code.
While at it, introduce bb_daemon_helper() and add a few comments.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Two reasons:
* it's only built for GNU C Library versions < 2 (released 1997)
* it isn't used anywhere in BusyBox
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:
This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.
'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:
$ unshare --user ./busybox.broken ash
ash: setgid: Invalid argument
'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.
With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:
$ id -u
1000
$ ls -lh busybox.fixed
-rwsr-xr-x 1 root root 826.2K May 21 00:33 busybox.fixed
$ unshare --user ./busybox.fixed ash
$ id -u
65534
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Before this change, BB_EXTRA_VERSION of "" resulted in:
"BusyBox v1.28.0.git () multi-call binary"
message, after the fix it is:
"BusyBox v1.28.0.git multi-call binary"
While at it, eliminate BB_BT and BANNER single-use macros.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.
Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The "autolooped" mount (mount [-oloop] IMAGE /DIR/DIR)
always creates AUTOCLEARed loopdevs, so that umounting
drops them (and this does not require any code in the
umount userspace).
This happens since circa linux-2.6.25:
commit 96c5865559cee0f9cbc5173f3c949f6ce3525581
Date: Wed Feb 6 01:36:27 2008 -0800
Subject: Allow auto-destruction of loop devices
IOW: in this case, umount does not have to use -d
to drop the loopdev.
The explicit loop mount (mount /dev/loopN /DIR/DIR)
does not do this. In this case, umount without -d
should not drop loopdev.
Unfortunately, bbox umount currently always implies -d,
this probably needs fixing.
function old new delta
set_loop 537 597 +60
singlemount 1101 1138 +37
losetup_main 419 432 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 110/0) Total: 110 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
An example of such an error (should be compiled with DEBUG_SANITIZE):
runtime error: left shift of 1 by 31 places cannot be represented in
type 'int'
Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>