a818777d42
Linux recently gained a new config option, CONFIG_MULTIUSER, that makes support for non-root users optional. This results in a number of syscalls being disabled: setuid, setregid, setgid, setreuid, setresuid, getresuid, setresgid, getresgid, setgroups, getgroups, setfsuid, setfsgid, capget, capset. Currently a number of busybox applets, including login, struggle to run when CONFIG_MULTIUSER is disabled. Even the root user is unable to log in: "login: can't set groups: Function not implemented". This patch adds code to make change_identity() a nop on single user systems. It works by recognising the signature errno value (ENOSYS, due to the system calls being disabled) and, to avoid security risks, only deploys when the current uid and target uid are the same. After the patch is applied any attempt to switch to a non-root user will fail. Thus a badly configured userspace (for example, one that tries to start a daemon as a non-root user when the kernel cannot support this) will report errors as one would expect. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> |
||
---|---|---|
appletlib.c | ||
ask_confirmation.c | ||
bb_askpass.c | ||
bb_bswap_64.c | ||
bb_do_delay.c | ||
bb_pwd.c | ||
bb_qsort.c | ||
bb_strtod.c | ||
bb_strtonum.c | ||
bbunit.c | ||
change_identity.c | ||
chomp.c | ||
compare_string_array.c | ||
concat_path_file.c | ||
concat_subpath_file.c | ||
Config.src | ||
copy_file.c | ||
copyfd.c | ||
correct_password.c | ||
crc32.c | ||
default_error_retval.c | ||
device_open.c | ||
die_if_bad_username.c | ||
dump.c | ||
endofname.c | ||
executable.c | ||
fclose_nonstdin.c | ||
fflush_stdout_and_exit.c | ||
fgets_str.c | ||
find_mount_point.c | ||
find_pid_by_name.c | ||
find_root_device.c | ||
full_write.c | ||
get_console.c | ||
get_cpu_count.c | ||
get_last_path_component.c | ||
get_line_from_file.c | ||
get_shell_name.c | ||
get_volsize.c | ||
getopt32.c | ||
getpty.c | ||
hash_md5_sha.c | ||
hash_md5prime.c | ||
herror_msg.c | ||
human_readable.c | ||
in_ether.c | ||
inet_cksum.c | ||
inet_common.c | ||
info_msg.c | ||
inode_hash.c | ||
isdirectory.c | ||
Kbuild.src | ||
kernel_version.c | ||
last_char_is.c | ||
lineedit_ptr_hack.c | ||
lineedit.c | ||
llist.c | ||
logenv.c | ||
login.c | ||
loop.c | ||
make_directory.c | ||
makedev.c | ||
match_fstype.c | ||
messages.c | ||
missing_syscalls.c | ||
mode_string.c | ||
mtab.c | ||
nuke_str.c | ||
obscure.c | ||
parse_config.c | ||
parse_mode.c | ||
percent_decode.c | ||
perror_msg.c | ||
perror_nomsg_and_die.c | ||
perror_nomsg.c | ||
pidfile.c | ||
platform.c | ||
print_flags.c | ||
printable_string.c | ||
printable.c | ||
process_escape_sequence.c | ||
procps.c | ||
progress.c | ||
ptr_to_globals.c | ||
pw_encrypt_des.c | ||
pw_encrypt_md5.c | ||
pw_encrypt_sha.c | ||
pw_encrypt.c | ||
read_key.c | ||
read_printf.c | ||
read.c | ||
README | ||
recursive_action.c | ||
remove_file.c | ||
replace.c | ||
rtc.c | ||
run_shell.c | ||
safe_gethostname.c | ||
safe_poll.c | ||
safe_strncpy.c | ||
safe_write.c | ||
selinux_common.c | ||
setup_environment.c | ||
signals.c | ||
simplify_path.c | ||
single_argv.c | ||
skip_whitespace.c | ||
speed_table.c | ||
str_tolower.c | ||
strrstr.c | ||
sysconf.c | ||
systemd_support.c | ||
time.c | ||
trim.c | ||
u_signal_names.c | ||
udp_io.c | ||
unicode.c | ||
update_passwd.c | ||
utmp.c | ||
uuencode.c | ||
vdprintf.c | ||
verror_msg.c | ||
vfork_daemon_rexec.c | ||
warn_ignoring_args.c | ||
wfopen_input.c | ||
wfopen.c | ||
write.c | ||
xatonum_template.c | ||
xatonum.c | ||
xconnect.c | ||
xfunc_die.c | ||
xfuncs_printf.c | ||
xfuncs.c | ||
xgetcwd.c | ||
xgethostbyname.c | ||
xreadlink.c | ||
xrealloc_vector.c | ||
xregcomp.c |
Please see the LICENSE file for copyright information (GPLv2). libbb is BusyBox's utility library. All of this stuff used to be stuffed into a single file named utility.c. When I split utility.c to create libbb, some of the very oldest stuff ended up without its original copyright and licensing information (which is now lost in the mists of time). If you see something that you wrote that is mis-attributed, do let me know so we can fix that up. Erik Andersen <andersen@codepoet.org>