emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
busybox/libbb
History
Denys Vlasenko 12a4f9afe7 libbb: do not die if setgid/setuid(real_id) on startup fails 
Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:

This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.

'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:

  $ unshare --user ./busybox.broken ash
  ash: setgid: Invalid argument

'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.

With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:

  $ id -u
  1000
  $ ls -lh busybox.fixed
  -rwsr-xr-x    1 root     root      826.2K May 21 00:33 busybox.fixed
  $ unshare --user ./busybox.fixed ash
  $ id -u
  65534

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-10 09:17:43 +02:00
..
appletlib.c
libbb: do not die if setgid/setuid(real_id) on startup fails
2017-07-10 09:17:43 +02:00
ask_confirmation.c
auto_string.c
libbb: auto_string() for efficient handling of temporary malloced stirngs
2015-10-09 17:59:56 +02:00
bb_askpass.c
use auto_string() where appropriate to kill a few statics
2015-10-09 18:16:40 +02:00
bb_bswap_64.c
bb_cat.c
fix errors found with make_single_applets.sh
2017-04-12 15:48:19 +02:00
bb_do_delay.c
bb_getgroups.c
libbb: new function bb_getgroups() - allocating wrapper around getgroups()
2017-07-04 18:56:45 +02:00
bb_pwd.c
libpwdgrp: rewritten to use malloced implementation
2015-01-02 21:37:59 +01:00
bb_qsort.c
bb_strtod.c
bb_strtonum.c
libbb/bb_strtonum: always set end ptr, even on error return
2011-12-22 13:00:32 +01:00
bbunit.c
unit-tests: remove code depending on WANT_TIMING
2015-08-17 17:01:49 +02:00
change_identity.c
libbb: Enable support for !CONFIG_MULTIUSER
2015-05-12 23:59:57 +02:00
chomp.c
common_bufsiz.c
comment and readme updates
2016-11-04 14:13:58 +01:00
compare_string_array.c
libbb: another unit test for is_suffixed_with
2015-09-15 23:38:01 +02:00
concat_path_file.c
concat_subpath_file.c
Config.src
Big cleanup in config help and description
2017-01-10 14:58:54 +01:00
copy_file.c
cp: fix -i for POSIX mode. Closes 9106
2016-08-13 23:23:48 +02:00
copyfd.c
libbb: use sendfile() to copy data between file descriptors
2014-11-27 23:31:58 +01:00
correct_password.c
libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD
2017-04-13 13:04:05 +02:00
crc32.c
Replace int -> uint to avoid signed integer overflow
2017-02-04 23:10:22 +01:00
default_error_retval.c
device_open.c
die_if_bad_username.c
die_if_bad_username: tighten up a bit
2011-08-09 04:05:13 +02:00
dump.c
libbb: shrink sump.c
2017-01-25 16:21:00 +01:00
endofname.c
move endofname() to libbb
2013-02-26 00:36:53 +01:00
executable.c
su: expand help; simplify passing of -c CMD to run_shell()
2016-11-03 22:13:08 +01:00
fclose_nonstdin.c
sed: open input files sequentially to avoid EMFILE
2013-11-28 03:14:16 +01:00
fflush_stdout_and_exit.c
remove global "jmp_buf die_jmp" from !FEATURE_PREFER_APPLETS builds
2015-10-09 16:42:57 +02:00
fgets_str.c
find_mount_point.c
find_mount_point: fix find_mount_point for char devices
2012-01-18 01:49:11 +01:00
find_pid_by_name.c
find_root_device.c
full_write.c
get_console.c
get_cpu_count.c
get_last_path_component.c
find: cater for libc w/o FNM_CASEFOLD
2011-05-23 00:40:54 +02:00
get_line_from_file.c
libbb: split bb_get_chunk_from_file and bb_get_chunk_with_continuation
2011-06-17 03:37:43 +02:00
get_shell_name.c
mark get_shell_name FAST_FUNC
2012-10-03 09:42:21 +02:00
get_volsize.c
getopt32.c
fixes for bugs found by make_single_applets.sh
2017-07-03 21:31:16 +02:00
getpty.c
script: make it work even if fd 0 is closed
2014-03-16 12:34:53 +01:00
hash_md5_sha.c
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
2017-01-24 16:00:54 +01:00
hash_md5prime.c
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
2017-01-24 16:00:54 +01:00
herror_msg.c
human_readable.c
du: extra compat: with -k and -m, round sizes up
2015-10-15 21:33:34 +02:00
in_ether.c
Removes stray empty line from code
2015-07-13 03:25:46 +02:00
inet_cksum.c
inet_cksum: big-endian fix
2011-09-08 10:59:26 +02:00
inet_common.c
libbb: make INET[6]_rresolve use sockaddr2{host,dotted}_noport
2015-02-03 12:07:40 +01:00
inode_hash.c
du, copy_file: fix file matching on cramfs. Closes 5456
2014-02-25 15:27:58 +01:00
isdirectory.c
libbb: remove is_directory's argument which is always NULL
2011-12-18 03:27:46 +01:00
isqrt.c
libbb: move isqrt from factor, use it in diff too
2017-04-11 07:34:56 +02:00
Kbuild.src
login: move check_securetty to libbb
2017-04-13 12:39:03 +02:00
kernel_version.c
tidy up strtok use
2015-10-23 18:43:16 +02:00
last_char_is.c
lineedit_ptr_hack.c
lineedit.c
libbb: consolidate the code to set termios unbuffered mode
2017-01-11 16:17:59 +01:00
llist.c
main: free suid_config list after use
2011-05-16 12:21:31 +02:00
logenv.c
zcip: Add environment variable for overriding log functionality
2014-11-04 12:19:04 +01:00
login.c
libbb: handle \S in /etc/issue
2016-09-24 23:50:43 +02:00
loop.c
mount: create loop devices with LO_FLAGS_AUTOCLEAR flag
2017-03-16 16:55:47 +01:00
make_directory.c
fix musl problem with dirname, now for all users of bb_make_directory()
2016-12-04 10:42:07 +01:00
makedev.c
match_fstype.c
libbb: match_fstype() is unreadable in the extreme, fixing it
2017-01-30 00:45:05 +01:00
messages.c
Change BB_EXTRA_VERSION: now it needs to contain any spaces/parenthesis
2017-07-04 16:01:12 +02:00
missing_syscalls.c
Resolve linker issues with Android API 21 (dprintf, tcdrain)
2015-12-17 16:42:41 +01:00
mode_string.c
*: slap on a few ALIGN1/2s where appropriate
2016-04-22 18:09:21 +02:00
mtab.c
nuke_str.c
fix failures found by randomconfig builds
2013-12-31 23:22:36 +01:00
obscure.c
unit-tests: implement the unit-testing framework
2014-06-22 16:30:41 +02:00
parse_config.c
getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LIST
2016-07-06 21:58:02 +02:00
parse_mode.c
libbb: more compact API for bb_parse_mode()
2015-10-07 17:55:33 +02:00
percent_decode.c
wget: URL-decode user:password before base64-encoding it into auth hdr. Closes 3625.
2011-09-11 21:04:02 +02:00
perror_msg.c
perror_nomsg_and_die.c
perror_nomsg.c
pidfile.c
platform.c
Bionic lacks ttyname_r; provide a workaround
2015-04-25 21:32:48 +02:00
print_flags.c
print_numbered_lines.c
fix errors found with make_single_applets.sh
2017-04-12 15:48:19 +02:00
printable_string.c
libbb: auto_string() for efficient handling of temporary malloced stirngs
2015-10-09 17:59:56 +02:00
printable.c
Refactor catv. Move visible() from stty to libbb.
2013-07-30 06:29:42 +02:00
process_escape_sequence.c
procps.c
ps: avoid -o stat to contain spaces. Closes 9631
2017-02-02 13:04:30 +01:00
progress.c
wget: if stderr is not a tty, progress bar shouldn't use tty-tricks
2015-10-23 02:01:38 +02:00
ptr_to_globals.c
pw_encrypt_des.c
pw_encrypt_md5.c
fix assorted unused code and wrong format specs found by cppchekc (bug 6716)
2013-11-29 16:43:33 +01:00
pw_encrypt_sha.c
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
2017-01-24 16:00:54 +01:00
pw_encrypt.c
Replace int -> uint to avoid signed integer overflow
2017-02-04 23:10:22 +01:00
read_key.c
lineedit: fix handling of repeating Alt-b, Alt-f, Alt-d, Alt-Backspace
2016-11-24 15:04:00 +01:00
read_printf.c
libbb: remove unnecessary argument to nonblock_immune_read
2015-04-20 13:41:32 +02:00
read.c
README
recursive_action.c
modprobe: do not descend into /etc/modprobe.d/DIR/. Closes 8686
2017-04-06 15:23:26 +02:00
remove_file.c
Add conditional support for -v / --verbose
2014-05-19 16:23:50 +02:00
replace.c
xargs: add support for -I and -i. Closes 493
2014-02-27 11:17:06 +01:00
rtc.c
libbb: introduce and use is_prefixed_with()
2015-03-12 17:48:34 +01:00
run_shell.c
su: expand help; simplify passing of -c CMD to run_shell()
2016-11-03 22:13:08 +01:00
safe_gethostname.c
sendmail: use host rather than NIS domain name for HELO
2012-04-28 17:04:19 +02:00
safe_poll.c
safe_strncpy.c
safe_write.c
securetty.c
libbb: fix "error: redefinition of 'is_tty_secure'"
2017-04-13 17:55:05 +02:00
selinux_common.c
whitespace cleanup. no code changes
2013-01-14 15:57:44 +01:00
setup_environment.c
su: do not change to home dir unless -l
2012-06-12 13:21:02 +02:00
signals.c
libbb: correctness/size tweaks in signal-related helpers
2012-09-27 13:20:34 +02:00
simplify_path.c
single_argv.c
basename,dirname,freeramdisk,rx,raidautorun,runsv,chvt: skip "--" argument
2011-04-11 03:58:30 +02:00
skip_whitespace.c
libbb: introduce and use is_prefixed_with()
2015-03-12 17:48:34 +01:00
speed_table.c
libbb/speed_table.c: expand comments
2016-09-26 14:37:12 +02:00
str_tolower.c
strrstr.c
unit-tests: implement the unit-testing framework
2014-06-22 16:30:41 +02:00
sysconf.c
libbb: add sanity check in bb_arg_max()
2014-12-24 01:46:29 +01:00
time.c
libbb: fix time parsing of [[CC]YY]MMDDhhmm[.SS]. Closes 8951
2016-05-31 02:50:54 +02:00
trim.c
u_signal_names.c
*: slap on a few ALIGN1/2s where appropriate
2016-04-22 18:09:21 +02:00
ubi.c
whitespace and namespace cleanups
2016-04-03 22:24:51 +02:00
udp_io.c
libbb:/send_to_from: do not require that "to" should have the same AF. Closes 9146
2016-09-15 13:20:51 +02:00
unicode.c
lineedit: improve Unicode handling (still buggy though)
2013-08-19 16:44:05 +02:00
update_passwd.c
fix breakage found by mass one-applet builds
2016-12-23 02:42:26 +01:00
utmp.c
*: Switch to POSIX utmpx API
2015-04-02 23:03:46 +02:00
uuencode.c
libbb: shrink base64 decoding a bit
2011-10-28 16:15:00 +02:00
vdprintf.c
libbb.h: remove unused defines
2011-10-24 04:06:18 +02:00
verror_msg.c
libbb: speed up error_msg functions
2016-04-03 16:55:03 +02:00
vfork_daemon_rexec.c
main: fix the case where user has "halt" as login shell. Closes 9986
2017-07-07 19:08:56 +02:00
warn_ignoring_args.c
wfopen_input.c
wfopen.c
write.c
xatonum_template.c
whitespace fixes. no code changes
2013-01-15 13:58:01 +01:00
xatonum.c
df: implement -B n<suff> and -B <suff> formats of -B option
2016-12-12 19:56:31 +01:00
xconnect.c
libbb: make xmalloc_sockaddr2dotted use NI_NUMERICSCOPE
2016-09-26 19:53:04 +02:00
xfunc_die.c
remove global "jmp_buf die_jmp" from !FEATURE_PREFER_APPLETS builds
2015-10-09 16:42:57 +02:00
xfuncs_printf.c
libbb/xwrite: print errno on "short write" errors
2016-09-05 15:20:10 +02:00
xfuncs.c
libbb: consolidate the code to set termios unbuffered mode
2017-01-11 16:17:59 +01:00
xgetcwd.c
xgethostbyname.c
xreadlink.c
libbb: fix a bad check for uclibc >= 0.9.31
2014-03-16 20:53:40 +01:00
xrealloc_vector.c
xregcomp.c

README 

Please see the LICENSE file for copyright information (GPLv2)

libbb is BusyBox's utility library.  All of this stuff used to be stuffed into
a single file named utility.c.  When I split utility.c to create libbb, some of
the very oldest stuff ended up without their original copyright and licensing
information (which is now lost in the mists of time).  If you see something
that you wrote that is mis-attributed, do let me know so we can fix that up.

	Erik Andersen
	<andersen@codepoet.org>