Commit Graph

15246 Commits

Author SHA1 Message Date
Denys Vlasenko
feb79e8742 cryptpw, mkpasswd: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:08:23 +02:00
Denys Vlasenko
ff53bee723 chvt, deallocvt, dumpkmap, fgconsole, loadkmap: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:02:31 +02:00
Denys Vlasenko
fdb92359e4 pivot_root: make it NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:51:12 +02:00
Denys Vlasenko
9c49d6e11b partprobe: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:46:39 +02:00
Denys Vlasenko
a453ca576f sv, svc: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:42:08 +02:00
Denys Vlasenko
754e9f96de svc: fix a case where with more than option, getopt() state is not reset
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:38:55 +02:00
Denys Vlasenko
9f59849daa blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:29:12 +02:00
Denys Vlasenko
b182e9ad60 libbb: use _exit, not exit, in bb_daemonize_or_rexec()
By the time we reach exit in parent, child already exited or execed.
We should not re-run libc cleanup code.

While at it, introduce bb_daemon_helper() and add a few comments.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 23:04:17 +02:00
Denys Vlasenko
692eeb81a4 stty: make in NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 20:07:19 +02:00
Denys Vlasenko
5c527dc57e make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
The applets with "<applet> [opts] PROG ARGS" API very quickly exec
another program, noexec is okay for them:

 chpst/envdir/envuidgid/softlimit/setuidgid
 chroot
 chrt
 ionice
 nice
 nohup
 setarch/linux32/linux64
 taskset
 cttyhack

"reset" and "sulogin" applets don't have this form, but also exec
another program at once, thus made noexec too.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:55:01 +02:00
Denys Vlasenko
6514785f95 mesg: make in NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:16:01 +02:00
Denys Vlasenko
947b2391c0 pmap: tweak help text, show usage if no params are given
Noticed while auditing nofork/noexec status

function                                             old     new   delta
pmap_main                                             70      80     +10
packed_usage                                       31747   31744      -3

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 18:37:34 +02:00
Denys Vlasenko
83d7785e41 runlevel: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:59:46 +02:00
Denys Vlasenko
6bec24c4f5 mktemp: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:39:05 +02:00
Denys Vlasenko
74c05f5b2c chat: trim help text
Noticed while auditing nofork/noexec status

function                                             old     new   delta
packed_usage                                       31777   31747     -30

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 17:36:16 +02:00
Denys Vlasenko
dd5a40246b getopt32: move support for "always treat first arg as option" to users (tar/ar)
Now getopt() never leaks (and never performs) any xmalloc's.

function                                             old     new   delta
ar_main                                              522     556     +34
tar_main                                             986    1014     +28
getopt32                                            1458    1350    -108
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 62/-108)           Total: -46 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 16:46:17 +02:00
Denys Vlasenko
727948e585 getopt32: factor out code to treat all args as options
Working towards making getopt32() xmalloc-free

function                                             old     new   delta
make_all_argv_opts                                     -      58     +58
top_main                                             914     912      -2
getopt32                                            1517    1458     -59
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/2 up/down: 58/-61)             Total: -3 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 16:33:23 +02:00
Denys Vlasenko
7f9d62d7f5 tweak NOFORK_NOEXEC.lst
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 16:01:39 +02:00
Denys Vlasenko
f8cdc7a2bc ash: BASH_XTRACEFD bashism
Based on patch by Johannes Schindelin <johannes.schindelin@gmx.de>

function                                             old     new   delta
evalcommand                                         1447    1500     +53

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 15:24:49 +02:00
Johannes Schindelin
7344755823 ash: remove no-longer-used variable
As of 035486c75 (ash: significant overhaul of redirect saving logic,
2017-07-31), the sv_pos variable is no longer used (just assigned to,
with no further effect).

Let's just remove it.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 14:52:08 +02:00
Denys Vlasenko
d329e34c96 ash: INT_OFF/INT_ON around run_nofork_applet()
function                                             old     new   delta
evalcommand                                         1441    1447      +6

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 14:50:03 +02:00
Denys Vlasenko
49e6bf2db9 sheel: improve comments on signal handling
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 14:28:16 +02:00
Denys Vlasenko
3346b4afc5 modutils: make them NOEXEC except depmod
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 02:56:39 +02:00
Denys Vlasenko
4dc86699b5 microcom: require exactly one non-option
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 02:01:45 +02:00
Denys Vlasenko
cfd392bea9 ash: add a fixme comment at run_nofork_applet
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:56:29 +02:00
Denys Vlasenko
19c9f31af1 nofork: fix a bug uncovered by hush testsuite (forgotten fflush)
function                                             old     new   delta
run_nofork_applet                                    280     287      +7

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:52:47 +02:00
Denys Vlasenko
72d725d7cc getopt: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:30:21 +02:00
Denys Vlasenko
39194f0309 new NOFORKs: pwdx,kill[all5],ttysize,realpath,readlink NOEXECs: date,resize
function                                             old     new   delta
run_nofork_applet                                    258     280     +22
readlink_main                                        112     123     +11
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 33/0)               Total: 33 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 19:03:32 +02:00
Denys Vlasenko
663ae52676 config: FEDORA_COMPAT option (so far only tweaks uname)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 03:46:14 +02:00
Denys Vlasenko
819b47aa35 new NOFORKs: clear, nproc, tty, uname, arch, unlink, which
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03 03:29:32 +02:00
Denys Vlasenko
39701204cf hush: do not accept "if() { echo; }" function def
function                                             old     new   delta
parse_stream                                        2634    2692     +58
msg_and_die_if_script                                  -      21     +21
syntax_error_unexpected_ch                            41      46      +5
syntax_error_at                                       14      18      +4
die_if_script                                         31      28      -3
setup_redirects                                      319     308     -11
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 3/2 up/down: 88/-14)             Total: 74 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 19:46:14 +02:00
Denys Vlasenko
84ea60ed65 line editing: make read_line_input() not take timeout param
It's almost always -1.

function                                             old     new   delta
read_line_input                                     3902    3912     +10
new_line_input_t                                      24      31      +7
pgetc                                                583     585      +2
save_command_ps_at_cur_history                        80      78      -2
read_line                                             76      74      -2
fgetc_interactive                                    246     244      -2
addLines                                              84      82      -2
doCommands                                          2226    2222      -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/5 up/down: 19/-12)              Total: 7 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 17:27:28 +02:00
Denys Vlasenko
dd4b446f76 hush: make SIGINT handling visually less confusing
$ echo $$
18448
$ echo $? <wait here, run "kill -INT 18448" in other shell><press enter>
   <=== NOTHING??
$

That empty line does not look right. After this patch:

$ echo $$
18448
$ echo $? <wait here, run "kill -INT 18448" in other shell><press enter>
^C
$

function                                             old     new   delta
fgetc_interactive                                    245     246      +1

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 16:52:12 +02:00
Denys Vlasenko
7c40ddd950 NOFORK fixes
"rm -i FILE" and "yes" can now be interrupted by ^C in hush.
This also now works:

$ usleep 19999999
^C
$ echo $?
130

function                                             old     new   delta
run_pipe                                            1668    1711     +43
pseudo_exec_argv                                     312     321      +9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 52/0)               Total: 52 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 16:37:39 +02:00
Denys Vlasenko
95f7953f2c do not use `a' quoting style in comments
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 14:26:33 +02:00
Denys Vlasenko
18e781dc02 config: do not use `a' quoting in help texts
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02 14:12:48 +02:00
Denys Vlasenko
ec05df13b0 ash: align --login code with dash
Upstream commit:

    Date: Sun, 13 Jul 2008 22:34:50 +0800
    [OPTIONS] Added support for -l

    This patch adds support for the -l option (login shell) as required
    by the LSB.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

It's a bit bigger, but gets rid of one global variable

function                                             old     new   delta
options                                              554     576     +22

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 19:43:47 +02:00
Denys Vlasenko
78b1b1b07a test: fix 4-argument case
Upstream dash commit:

    Date: Sun, 13 Jul 2008 19:20:10 +0800
    Fixed 3,4-argument cases for test per POSIX

    ----- Forwarded message from Gerrit Pape <pape@smarden.org> -----

    Subject: Bug#455828: dash: 4-argument test "test \( ! -e \)" yields an error
    Date: Fri, 28 Dec 2007 08:53:29 +0000
    From: Gerrit Pape <pape@smarden.org>
    To: Vincent Lefevre <vincent@vinc17.org>, 455828@bugs.debian.org

    On Thu, Dec 27, 2007 at 06:23:20PM +0100, Vincent Lefevre wrote:
    > On 2007-12-27 16:00:06 +0000, Gerrit Pape wrote:
    > > On Wed, Dec 12, 2007 at 02:18:47AM +0100, Vincent Lefevre wrote:
    > > > According to POSIX[*], "test \( ! -e \)" is a 4-argument test and is
    > > > here equivalent to "test ! -e". But dash (like ksh93 and bash) yields
    > > > an error:
    > > >
    > > > $ test \( ! -e \) || echo $?
    > > > test: 1: closing paren expected
    > > > 2
    > > > $ test ! -e || echo $?
    > > > 1
    > >
    > > Hi Vincent,
    > >
    > > the -e switch to test takes an argument, a pathname.
    >
    > According to POSIX, in both above examples, "-e" is *not* a switch,
    > just a string.
    >
    >   test \( ! -e \)
    >
    > means: return true if the string "-e" is empty, otherwhise return false.
    > The error in dash is that it incorrectly thinks that "-e" is a switch in
    > this context.

    I see, you're right.  Thanks, Gerrit.

    ----- End forwarded message -----

    This patch hard-codes the 3,4-argument cases in the way required by
    POSIX.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

function                                             old     new   delta
test_main                                            370     421     +51

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 19:21:51 +02:00
Denys Vlasenko
cee603d921 hush: remove redundant "G_flag_return_in_progress = -1"
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 18:06:07 +02:00
Denys Vlasenko
5b3d2eb327 hush: fix "true | func_with_return" not allowing return.
function                                             old     new   delta
pseudo_exec_argv                                     305     312      +7

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 18:02:28 +02:00
Denys Vlasenko
d0fff9155b ash: fix display of ">&-" redirect in job strings
function                                             old     new   delta
cmdtxt                                               558     569     +11

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 14:32:18 +02:00
Denys Vlasenko
75481d3634 hush: functions have priority over builtins (!)
function                                             old     new   delta
pseudo_exec_argv                                     291     305     +14
run_pipe                                            1560    1555      -5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 14/-5)               Total: 9 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 05:27:09 +02:00
Denys Vlasenko
bf1c344dfd hush: if STANDALONE, close interactive fd for NOEXECed children
function                                             old     new   delta
pseudo_exec_argv                                     291     305     +14

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 04:54:53 +02:00
Denys Vlasenko
32fdf2f9fc ash,hush: ">&10" redirects to script/tty fds should not work
The fact that shell has open fds to tty and/or scripts should be
unobservable, if possible. In particular, if redirect tries to dup
one of them via ">&script_fd", it's better to pretend that script_fd
is closed, and thus redirect fails with EBADF.

Fixes these two testcase failures:
ash-redir/redir_to_bad_fd.tests
hush-redir/redir_to_bad_fd3.tests

function                                             old     new   delta
redirect                                            1018    1129    +111
setup_redirects                                      250     359    +109
readtoken1                                          2651    2655      +4
cmdloop                                              185     187      +2
changepath                                           194     195      +1
save_fd_on_redirect                                  203     194      -9
evaltree                                             501     484     -17
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 5/2 up/down: 227/-26)           Total: 201 bytes
   text    data     bss     dec     hex filename
 914553     485    6848  921886   e111e busybox_old
 914754     485    6848  922087   e11e7 busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 04:35:18 +02:00
Denys Vlasenko
035486c750 ash: significant overhaul of redirect saving logic
New code is similar to what hush is doing.
Make CLOSED to -1: same as dash.
popredir() loses "restore" parameter: same as dash.
COPYFD_RESTORE bit is no longer necessary.

This change fixes this interactive bug:

	$ ls -l /proc/$$/fd 10>&-
	ash: can't set tty process group: Bad file descriptor
	ash: can't set tty process group: Bad file descriptor
	[1]+  Done(2)                    ls -l /proc/${\$}/fd 10>&4294967295

function                                             old     new   delta
unwindredir                                           29      27      -2
tryexec                                              154     152      -2
evaltree                                             503     501      -2
evalcommand                                         1369    1367      -2
cmdloop                                              187     185      -2
redirect                                            1029    1018     -11
popredir                                             153     123     -30
need_to_remember                                      36       -     -36
is_hidden_fd                                          68       -     -68
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 0/7 up/down: 0/-155)           Total: -155 bytes
   text    data     bss     dec     hex filename
 914572     485    6848  921905   e1131 busybox_old
 914553     485    6848  921886   e111e busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 04:21:46 +02:00
Denys Vlasenko
657e9005a9 hush: massage redirect code to be slightly more like ash
function                                             old     new   delta
save_fd_on_redirect                                    -     203    +203
xdup_CLOEXEC_and_close                                 -      75     +75
setup_redirects                                      245     250      +5
xdup_and_close                                        72       -     -72
save_fds_on_redirect                                 221       -    -221
------------------------------------------------------------------------------
(add/remove: 2/2 grow/shrink: 1/0 up/down: 283/-293)          Total: -10 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 04:08:09 +02:00
Denys Vlasenko
d07a15bd1b ash: remove REDIR_SAVEFD2
function                                             old     new   delta
evalcommand                                         1364    1369      +5
redirect                                            1055    1014     -41
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 5/-41)             Total: -36 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-31 04:05:51 +02:00
Denys Vlasenko
5f0a75f24b ash: if !ENABLE_ASH_EXPAND_PRMT, disable PSSYNTAX code
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-29 22:58:44 +02:00
Denys Vlasenko
1c79aeb6a8 ash: [REDIR] Fix popredir on abnormal exit from built-in
Upstream commit:

    Date: Thu, 27 May 2010 15:03:46 +0800
    [REDIR] Fix popredir on abnormal exit from built-in

    Just like the poplocalvar problem recently fixed, redirections
    can also be leaked in case of an abnormal exit.  This patch fixes
    it using the same method as poplocalvar, by storing the previous
    redirection state and restoring to that point.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-29 22:51:52 +02:00
Denys Vlasenko
469998015f ash: [PARSER] Add FAKEEOFMARK for expandstr
Upstream commit:

    Date: Thu, 27 Dec 2007 13:54:16 +1100
    [PARSER] Add FAKEEOFMARK for expandstr

    Previously expandstr used the string "" to indicate that it needs to be
    treated just like a here-doc except that there is no terminator.  However,
    the string "" is in fact a valid here-doc terminator so now that we deal
    with it correctly expandstr no longer works in the presence of new-lines
    in the prompt.

    This patch introduces the FAKEEOFMARK macro which does not equal any
    real EOF marker but is distinct from the NULL pointer which is used to
    indicate non-here-doc contexts.

    Thanks to Markus Triska for reporting this regression.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Unfortunately, I did not find the failing example for this old fix.

I also tweaked the code which was added by this commit:
"
Date: Mon Sep 24 18:30:02 2007 +0000
ash: fix prompt expansion (Natanael Copa <natanael.copa@gmail.com>)
"
since other parts of code do expect expandstr() to use DQSYNTAX, not PSSYNTAX.

function                                             old     new   delta
parse_stream                                        2609    2634     +25
setprompt_if                                         128     133      +5
read_profile                                          32      37      +5
evalcommand                                         1334    1339      +5
expandstr                                            122     120      -2
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/1 up/down: 40/-2)              Total: 38 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-29 21:12:29 +02:00