Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:
This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.
'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:
$ unshare --user ./busybox.broken ash
ash: setgid: Invalid argument
'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.
With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:
$ id -u
1000
$ ls -lh busybox.fixed
-rwsr-xr-x 1 root root 826.2K May 21 00:33 busybox.fixed
$ unshare --user ./busybox.fixed ash
$ id -u
65534
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Before this change, BB_EXTRA_VERSION of "" resulted in:
"BusyBox v1.28.0.git () multi-call binary"
message, after the fix it is:
"BusyBox v1.28.0.git multi-call binary"
While at it, eliminate BB_BT and BANNER single-use macros.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.
Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The "autolooped" mount (mount [-oloop] IMAGE /DIR/DIR)
always creates AUTOCLEARed loopdevs, so that umounting
drops them (and this does not require any code in the
umount userspace).
This happens since circa linux-2.6.25:
commit 96c5865559cee0f9cbc5173f3c949f6ce3525581
Date: Wed Feb 6 01:36:27 2008 -0800
Subject: Allow auto-destruction of loop devices
IOW: in this case, umount does not have to use -d
to drop the loopdev.
The explicit loop mount (mount /dev/loopN /DIR/DIR)
does not do this. In this case, umount without -d
should not drop loopdev.
Unfortunately, bbox umount currently always implies -d,
this probably needs fixing.
function old new delta
set_loop 537 597 +60
singlemount 1101 1138 +37
losetup_main 419 432 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 110/0) Total: 110 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
An example of such an error (should be compiled with DEBUG_SANITIZE):
runtime error: left shift of 1 by 31 places cannot be represented in
type 'int'
Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Many other appletw don't - they unconditionally use get_terminal_wodth(),
and here the amount of code saved by FEATURE_AUTOWIDTH=n is tiny.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Redundant help texts (one which only repeats the description)
are deleted.
Descriptions and help texts are trimmed.
Some config options are moved, even across menus.
No config option _names_ are changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
libbb/appletlib.c:558:12: warning: 'ingroup' defined but
not used [-Wunused-function]
static int ingroup(uid_t u, gid_t g)
^~~~~~~
That function is used only if FEATURE_SUID_CONFIG is also enabled.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The selinux guys want you to get class values at runtime by converting
textual names into constants. Drop the deprecated headers and switch
to the new format.
This API has been around for years, so there shouldn't be an issue
with backwards compatibility.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(1) restore entire sigaction, not only signal handler function
(2) do not use stdio when not sure WINCH did not interrupt a printf() or such.
function old new delta
cmdedit_setwidth - 81 +81
read_line_input 3682 3722 +40
lineedit_read_key 138 155 +17
put_prompt 55 51 -4
win_changed 93 47 -46
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/2 up/down: 138/-50) Total: 88 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
These key combinations should repeat correctly when the keys are
pressed and held.
Before this change, they do this erratically - many repeats are "eaten"
because they are treated as unrecognized ESC seqs:
ESC 0x7f is treated by Alt+baskspace, but ESC 0x7f ESC 0x7f ESC 0x7f
is unrecognized.
Escape sequences corresponding to these key combinations are moved from
read_line_input to lineedit_read_key.
Also, these key sequences are now enabled regardless of whether
FEATURE_EDITING_VI is set, since Vim does not actually support these key
combinations, but they are present in readline library.
function old new delta
static.esccmds 93 103 +10
read_line_input 3737 3687 -50
Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Allocation addresses of malloc() are jittery,
thought I had a mem leak in hush, but it was malloc variability.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Gives "mount -t cifs //fe80::6a05:caff:fe3e:dbf5%eth0/test test"
a chance to work: mount must pass "ip=numeric_IPv6%numeric_iface_id"
in the omunt option string. Currently, it does not.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Lauri Kasanen:
:: Over at TinyCore, we receive a huge number of questions of the type "I
:: got "short write", what does it mean?". Mostly for the rpi port and when
:: using bb wget.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When busybox is configured to contain a single applet an unnecessary
declaration of run_applet_and_exit results in a warning. Move the
declaration to avoid this.
Reported-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Both calls to run_applet_and_exit are followed by the same code
to print an error message and return status 127. Remove this
duplication and make run_applet_and_exit static.
function old new delta
run_applet_and_exit 675 667 -8
main 119 92 -27
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-35) Total: -35 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A recent commit made it possible to disable BusyBox's --install
and --list options. However it also stopped "busybox <applet>
<params>" from working.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If it's disabled, code shrinks by about 900 bytes:
function old new delta
usr_bin 10 - -10
usr_sbin 11 - -11
install_dir 20 - -20
applet_install_loc 184 - -184
run_applet_and_exit 686 21 -665
------------------------------------------------------------------------------
(add/remove: 0/4 grow/shrink: 0/1 up/down: 0/-890) Total: -890 bytes
text data bss dec hex filename
911327 493 7336 919156 e0674 busybox_old
909848 493 7336 917677 e00ad busybox_unstripped
but busybox executable by itself does not say anything useful:
$ busybox
busybox: applet not found
Based on the patch by Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
text data bss dec hex filename
829901 4086 1904 835891 cc133 busybox_before
829665 4086 1904 835655 cc047 busybox
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The loop
for (j = ARRAY_SIZE(applet_nameofs)-1; j >= 0; j--) {
was intended to terminate when j goes negative, so j needs to be signed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The array applet_nameofs consumes two bytes per applet. It encodes
nofork/noexec flags
suid flags
the offset of the applet name in the applet_name string
Change the applet_table build tool to store the flags in two separate
arrays (applet_flags and applet_suid). Replace applet_nameofs[] with a
smaller version that only stores a limited number of offsets.
This requires changes to the macros APPLET_IS_NOFORK, APPLET_IS_NOEXEC
and APPLET_SUID.
According to Valgrind the original find_applet_by_name required
353 cycles per call, averaged over all names. Adjusting the number
of known offsets allows space to be traded off against execution time:
KNOWN_OFFSETS cycles bytes (wrt KNOWN_OFFSETS = 0)
0 9057 -
2 4604 32
4 2407 75
8 1342 98
16 908 130
32 884 194
This patch uses KNOWN_OFFSETS = 8.
v2:
Remove some dead code from the applet_table tool;
Treat the applet in the middle of the table as a special case.
v3:
Use the middle applet to adjust the start of the linear search as
well as the last applet found.
v4:
Use an augmented linear search in find_applet_by_name.
Drop the special treatment of the middle name from get_applet_name:
most of the advantage now derives from the last stored value.
v5:
Don't store index in applet_nameofs, it can be calculated.
v6:
Tweaks by Denys
function old new delta
find_applet_by_name 25 125 +100
applet_suid - 92 +92
run_applet_no_and_exit 452 460 +8
run_applet_and_exit 695 697 +2
applet_name_compare 31 - -31
applet_nameofs 734 14 -720
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 3/1 up/down: 202/-751) Total: -549 bytes
text data bss dec hex filename
925464 906 17160 943530 e65aa busybox_old
924915 906 17160 942981 e6385 busybox_unstripped
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
In standalone shell mode search the applet table as well as PATH
when tab completing a command.
Use a stupid linear search: we're also about to read all the
directories on PATH so efficiency isn't a big concern.
function old new delta
add_match - 53 +53
complete_cmd_dir_file 687 724 +37
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 90/0) Total: 90 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
MONOTONIC_SYSCALL=y by default
FEATURE_LAST_SMALL is gone: now FEATURE_LAST_FANCY is a "bool", not a "choice".
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
systemd people are not willing to play nice with the rest of the world.
Therefore there is no reason for the rest of the world to cooperate with them.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
invarg(a,b) - "invalid argument", but how a and b enter the message?
invarg_1_to_2(a,b) is somewhat easier to read: "invalid argument 'a' to 'b'"
Audit of usage revealed a number of bad uses, with too long messages.
text data bss dec hex filename
938848 932 17448 957228 e9b2c busybox_old
938788 932 17448 957168 e9af0 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
For CONFIG_MD5_SMALL=1:
function old new delta
md5_process_block64 925 881 -44
For CONFIG_MD5_SMALL=0:
function old new delta
md5_process_block64 1603 1586 -17
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Test corner cases too like looking for an empty prefix etc.
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since there is no interest in merging a config option for WANT_TIMING,
remove the parts of code depending on it altogether.
While we're at it: add some newlines to improve readability.
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
In the initial submission struct bbunit_listelem was manipulated by
custom list functions implemented in bbunit.c. Since the tests are now
added to the list by llist_add_to_end(), which allocates the llist_t
objects behind the scenes, there's no need for the *next field.
function old new delta
unit_main 142 141 -1
bbunit_strrstr_elem 24 16 -8
bbunit_obscure_weak_pass_elem 24 16 -8
bbunit_obscure_strong_pass_elem 24 16 -8
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-25) Total: -25 bytes
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Introduce a library routine to package the idiom:
p = xmalloc(b, n);
memcpy(p, b, n);
and use it where possible. The example in traceroute used xzalloc
but it didn't need to.
function old new delta
xmemdup - 32 +32
last_main 834 826 -8
make_device 2321 2311 -10
common_traceroute_main 3698 3685 -13
readtoken1 3182 3168 -14
procps_scan 1222 1206 -16
forkchild 655 638 -17
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/6 up/down: 32/-78) Total: -46 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Linux recently gained a new config option, CONFIG_MULTIUSER, that makes
support for non-root users optional. This results in a number of syscalls
being disabled: setuid, setregid, setgid, setreuid, setresuid, getresuid,
setresgid, getresgid, setgroups, getgroups, setfsuid, setfsgid, capget,
capset.
Currently a number of busybox applets, including login, struggle to run
when CONFIG_MULTIUSER is disabled. Even the root user is unable to login:
login: can't set groups: Functi
This patch adds code to make change_identity() a nop on single user
systems. It works by recognising the signature errno value (ENOSYS, due
to the system calls being disabled) and, to avoid security risks, only
deploys when the current uid and target uid is the same.
After the patch is applied any attempt to switch to a non-root user will
fail. Thus a badly configured userspace (for example, one that tries to
start a daemon as a non-root user when the kernel cannot support this)
will report errors as one would expect.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This also removes their help texts.
function old new delta
run_applet_no_and_exit 442 452 +10
packed_usage 30713 30625 -88
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Copyright years seem to be out of date, e.g. coreutils/truncate.c
has Copyright (C) 2015.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
UTMP is SVID legacy, UTMPX is mandated by POSIX.
Glibc and uClibc have identical layout of UTMP and UTMPX, both of these
libc treat _PATH_UTMPX as _PATH_UTMP so from a user-perspective nothing
changes except the names of the API entrypoints.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
This way it can be used by other applets without duplication.
Signed-off-by: Ari Sundholm <ari@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
loopinfo.lo_file_name is not enough to uniquely identify a file on a system with
multiple mount namespaces. We could conceivably change this to dedup on
(lo_rdevice, lo_inode), but, as the comment above the deleted code notes, this
whole approach of reusing devices is racy anyway, so it seems better to stop
doing it entirely.
Signed-off-by: Kevin Wallace <k@igneous.io>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
In vi-mode lineedit tries to detect some escape sequences.
After the ESC it reads the next character to check for certain
values. This read should have a timeout or a user-entered ESC to
switch to command mode doesn't properly handle the next character.
Signed-off-by: Ron Yorston <rmy@tigress.co.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Busybox already uses sendfile in httpd. This patch proposes to use it
globally to copy data between file descriptors.
It speeds up the copying on slow systems a lot - below are the times needed
to copy a 450Mb file with and without this option enabled on a BeagleBone
Black:
sendfile:
user 0m0.000s
sys 0m8.170s
read/write 4k:
user 0m0.470s
sys 0m16.300s
function old new delta
bb_full_fd_action 394 474 +80
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Sometimes ARG_MAX is small (like 32k) yet sysconf(_SC_ARG_MAX)
is big, and people prefer using the bigger value.
OTOH, with sufficiently large ARG_MAX, further wins from
sysconf(_SC_ARG_MAX) being bigger are exponentially smaller:
you can see 4 times fewer fork+execs when you run find, but
when each execed process already takes a thousand parameters
it's likely execution time is dominated by what that process
does with each parameter.
Thus, with this change ARG_MAX is used if it's sufficiently big,
otherwise sysconf(_SC_ARG_MAX) is used.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This makes "G" (goto end of input) command work as well as
/search_for_nonexistent_string: both will read to EOF now
even from somewhat slow input (such as kernel's "git log").
function old new delta
ndelay_on 35 43 +8
ndelay_off 35 43 +8
read_lines 695 691 -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 16/-4) Total: 12 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
It is not clear why we were excluding init from this.
The "getpid() != 1" clause was there from the beginning (2001)
but not explained.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
It is an interesting trick, but so far I only managed to make it work
correctly, not to make it faster and/or smaller.
The code is ifdefed out for now.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This set of patches adds a simple unit-testing framework to Busybox
unit-tests: add some helper macros for unit-test framework implementation
unit-tests: implement the unit-testing framework
unit-tests: add basic documentation on writing the unit test cases
unit-tests: modify the Makefile 'test' target to run unit-tests too
unit-tests: add two example test cases
unit-tests: modify the existing strrstr test code to use the unit-test framework
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The find utility uses a hardcoded value of 32 * 1024 as the limit of
the command-line length when calling 'find -exec ... {} +'. This results
in over 4 times more execve() calls than in coreutils' find.
This patch uses the limit defined in system headers.
Based on the patch by Bartosz Golaszewski <bartekgola@gmail.com>.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
POSIX.1-2008 removed the usleep function, provide a fallback
implementaion using the recommended nanosleep().
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When you build with FEATURE_INSTALLER disabled, you get a build
warning like so:
libbb/appletlib.c: In function 'busybox_main':
libbb/appletlib.c:691:7: warning: variable 'use_symbolic_links' set but
not used [-Wunused-but-set-variable]
int use_symbolic_links;
^
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This is needed for, eg, hurd, which is known to have no constraints.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Currently, sed pre-opens all files, which may cause EMFILE errors
on systems with low ulimit -n. Change sed to open one file at a time.
function old new delta
get_next_line 177 235 +58
sed_main 682 652 -30
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 58/-30) Total: 28 bytes
Based on the patch by Daniel Borca <dborca@yahoo.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>