busybox/libbb
Daniel Thompson a818777d42 libbb: Enable support for !CONFIG_MULTIUSER
Linux recently gained a new config option, CONFIG_MULTIUSER, that makes
support for non-root users optional. This results in a number of syscalls
being disabled: setuid, setregid, setgid, setreuid, setresuid, getresuid,
setresgid, getresgid, setgroups, getgroups, setfsuid, setfsgid, capget,
capset.

Currently a number of busybox applets, including login, struggle to run
when CONFIG_MULTIUSER is disabled. Even the root user is unable to login:
  login: can't set groups: Functi

This patch adds code to make change_identity() a nop on single user
systems. It works by recognising the signature errno value (ENOSYS, due
to the system calls being disabled) and, to avoid security risks, only
deploys when the current uid and target uid is the same.

After the patch is applied any attempt to switch to a non-root user will
fail. Thus a badly configured userspace (for example, one that tries to
start a daemon as a non-root user when the kernel cannot support this)
will report errors as one would expect.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2015-05-12 23:59:57 +02:00
..
appletlib.c special-case {true,false,test} --help 2015-04-21 16:00:41 +02:00
ask_confirmation.c
bb_askpass.c libbb: fix bb_ask() to flush input before prompt, not after. Closes 7190 2014-07-01 13:20:22 +02:00
bb_bswap_64.c
bb_do_delay.c
bb_pwd.c libpwdgrp: rewritten to use malloced implementation 2015-01-02 21:37:59 +01:00
bb_qsort.c
bb_strtod.c
bb_strtonum.c libbb/bb_strtonum: always set end ptr, even on error return 2011-12-22 13:00:32 +01:00
bbunit.c bbunit: fix WANT_TIMING compilation 2014-11-26 14:04:51 +01:00
change_identity.c libbb: Enable support for !CONFIG_MULTIUSER 2015-05-12 23:59:57 +02:00
chomp.c
compare_string_array.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
concat_path_file.c
concat_subpath_file.c
Config.src sha3: make size/speed optimization decision configurable 2013-01-15 01:12:26 +01:00
copy_file.c Add conditional support for -v / --verbose 2014-05-19 16:23:50 +02:00
copyfd.c libbb: use sendfile() to copy data between file descriptors 2014-11-27 23:31:58 +01:00
correct_password.c ftpd: add optional support for authentication 2014-08-05 21:57:18 +02:00
crc32.c
default_error_retval.c
device_open.c
die_if_bad_username.c
dump.c hexdump: don't unconditionally limit the usable address range 2013-03-27 15:15:33 +01:00
endofname.c move endofname() to libbb 2013-02-26 00:36:53 +01:00
executable.c libbb: rename execable -> executable. No code changes 2014-05-02 17:15:58 +02:00
fclose_nonstdin.c sed: open input files sequentially to avoid EMFILE 2013-11-28 03:14:16 +01:00
fflush_stdout_and_exit.c
fgets_str.c
find_mount_point.c find_mount_point: fix find_mount_point for char devices 2012-01-18 01:49:11 +01:00
find_pid_by_name.c
find_root_device.c
full_write.c
get_console.c
get_cpu_count.c
get_last_path_component.c
get_line_from_file.c
get_shell_name.c mark get_shell_name FAST_FUNC 2012-10-03 09:42:21 +02:00
get_volsize.c
getopt32.c
getpty.c script: make it work even if fd 0 is closed 2014-03-16 12:34:53 +01:00
hash_md5_sha.c sha3: tweak comments and indentation 2014-07-30 16:26:09 +02:00
hash_md5prime.c
herror_msg.c
human_readable.c Make smart_ulltoa return pointer to end (allows for code shink in callers) 2013-09-06 12:53:14 +02:00
in_ether.c fix failures found by randomconfig builds 2013-12-31 23:22:36 +01:00
inet_cksum.c
inet_common.c libbb: make INET[6]_rresolve use sockaddr2{host,dotted}_noport 2015-02-03 12:07:40 +01:00
info_msg.c
inode_hash.c du, copy_file: fix file matching on cramfs. Closes 5456 2014-02-25 15:27:58 +01:00
isdirectory.c libbb: remove is_directory's argument which is always NULL 2011-12-18 03:27:46 +01:00
Kbuild.src randomconfig fixes 2014-12-22 19:37:05 +01:00
kernel_version.c get_linux_version_code: don't fail on Linux version strints like "3.0-foo" 2012-05-05 17:47:23 +02:00
last_char_is.c
lineedit_ptr_hack.c
lineedit.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
llist.c
logenv.c zcip: Add environment variable for overriding log functionality 2014-11-04 12:19:04 +01:00
login.c libbb: introduce and use strftime_[YYYYMMDD]HHMMSS() 2013-03-29 12:30:33 +01:00
loop.c libbb/loop: don't try to re-use existing loop device 2015-02-07 19:13:57 +01:00
make_directory.c Add conditional support for -v / --verbose 2014-05-19 16:23:50 +02:00
makedev.c
match_fstype.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
messages.c
missing_syscalls.c Bionic lacks tcdrain; provide a workaround 2015-04-26 13:14:50 +02:00
mode_string.c
mtab.c
nuke_str.c fix failures found by randomconfig builds 2013-12-31 23:22:36 +01:00
obscure.c unit-tests: implement the unit-testing framework 2014-06-22 16:30:41 +02:00
parse_config.c mdev: do not treat non-leading '#' chars as start of comment. Closes 4676 2012-01-11 00:37:17 +01:00
parse_mode.c
percent_decode.c
perror_msg.c
perror_nomsg_and_die.c
perror_nomsg.c
pidfile.c
platform.c Bionic lacks ttyname_r; provide a workaround 2015-04-25 21:32:48 +02:00
print_flags.c
printable_string.c
printable.c Refactor catv. Move visible() from stty to libbb. 2013-07-30 06:29:42 +02:00
process_escape_sequence.c
procps.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
progress.c
ptr_to_globals.c
pw_encrypt_des.c
pw_encrypt_md5.c fix assorted unused code and wrong format specs found by cppchekc (bug 6716) 2013-11-29 16:43:33 +01:00
pw_encrypt_sha.c
pw_encrypt.c libbb: don't die if crypt() returns NULL 2014-02-09 14:38:03 +01:00
read_key.c Add comments in keyboard escape sequences table 2012-06-11 14:40:17 +02:00
read_printf.c libbb: remove unnecessary argument to nonblock_immune_read 2015-04-20 13:41:32 +02:00
read.c
README
recursive_action.c
remove_file.c Add conditional support for -v / --verbose 2014-05-19 16:23:50 +02:00
replace.c xargs: add support for -I and -i. Closes 493 2014-02-27 11:17:06 +01:00
rtc.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
run_shell.c
safe_gethostname.c sendmail: use host rather than NIS domain name for HELO 2012-04-28 17:04:19 +02:00
safe_poll.c
safe_strncpy.c
safe_write.c
selinux_common.c whitespace cleanup. no code changes 2013-01-14 15:57:44 +01:00
setup_environment.c su: do not change to home dir unless -l 2012-06-12 13:21:02 +02:00
signals.c libbb: correctness/size tweaks in signal-related helpers 2012-09-27 13:20:34 +02:00
simplify_path.c
single_argv.c
skip_whitespace.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
speed_table.c libbb: FreeBSD fix for B<num> baud rate constants not fitting into a short. 2014-01-08 15:25:20 +01:00
str_tolower.c
strrstr.c unit-tests: implement the unit-testing framework 2014-06-22 16:30:41 +02:00
sysconf.c libbb: add sanity check in bb_arg_max() 2014-12-24 01:46:29 +01:00
systemd_support.c
time.c libbb: fix parsing of "10101010" date/time form 2014-01-21 07:58:18 +01:00
trim.c
u_signal_names.c
udp_io.c
unicode.c lineedit: improve Unicode handling (still buggy though) 2013-08-19 16:44:05 +02:00
update_passwd.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
utmp.c *: Switch to POSIX utmpx API 2015-04-02 23:03:46 +02:00
uuencode.c libbb: shrink base64 decoding a bit 2011-10-28 16:15:00 +02:00
vdprintf.c libbb.h: remove unused defines 2011-10-24 04:06:18 +02:00
verror_msg.c Fix compile failures 2014-05-02 07:18:55 +02:00
vfork_daemon_rexec.c bb_daemonize_or_rexec(): add flag to double-fork; use it in start-stop-daemon 2011-11-09 19:44:37 +01:00
warn_ignoring_args.c
wfopen_input.c
wfopen.c
write.c
xatonum_template.c whitespace fixes. no code changes 2013-01-15 13:58:01 +01:00
xatonum.c truncate: new applet 2015-03-22 17:56:38 +01:00
xconnect.c libbb: introduce and use is_prefixed_with() 2015-03-12 17:48:34 +01:00
xfunc_die.c
xfuncs_printf.c libbb: Add xsetegid(), xseteuid(), xopen_as_uid_gid() functions 2013-10-08 14:52:49 +02:00
xfuncs.c less: move "retry-on-EAGAIN" logic closer to read ops 2014-09-22 21:14:02 +02:00
xgetcwd.c
xgethostbyname.c
xreadlink.c libbb: fix a bad check for uclibc >= 0.9.31 2014-03-16 20:53:40 +01:00
xrealloc_vector.c
xregcomp.c

Please see the LICENSE file for copyright information (GPLv2)

libbb is BusyBox's utility library.  All of this stuff used to be stuffed into
a single file named utility.c.  When I split utility.c to create libbb, some of
the very oldest stuff ended up without their original copyright and licensing
information (which is now lost in the mists of time).  If you see something
that you wrote that is mis-attributed, do let me know so we can fix that up.

	Erik Andersen
	<andersen@codepoet.org>