Age | Commit message (Collapse) | Author |
|
Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:
This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.
'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:
$ unshare --user ./busybox.broken ash
ash: setgid: Invalid argument
'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.
With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:
$ id -u
1000
$ ls -lh busybox.fixed
-rwsr-xr-x 1 root root 826.2K May 21 00:33 busybox.fixed
$ unshare --user ./busybox.fixed ash
$ id -u
65534
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
halt::0:0::/:/sbin/halt
function old new delta
run_applet_and_exit 748 751 +3
run_applet_no_and_exit 467 459 -8
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Many other appletw don't - they unconditionally use get_terminal_wodth(),
and here the amount of code saved by FEATURE_AUTOWIDTH=n is tiny.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
libbb/appletlib.c:558:12: warning: 'ingroup' defined but
not used [-Wunused-function]
static int ingroup(uid_t u, gid_t g)
^~~~~~~
That function is used only if FEATURE_SUID_CONFIG is also enabled.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Allocation addresses of malloc() are jittery,
thought I had a mem leak in hush, but it was malloc variability.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Not that allnoconfig build is useful in any way...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
When busybox is configured to contain a single applet an unnecessary
declaration of run_applet_and_exit results in a warning. Move the
declaration to avoid this.
Reported-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Both calls to run_applet_and_exit are followed by the same code
to print an error message and return status 127. Remove this
duplication and make run_applet_and_exit static.
function old new delta
run_applet_and_exit 675 667 -8
main 119 92 -27
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-35) Total: -35 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
A recent commit made it possible to disable BusyBox's --install
and --list options. However it also stopped "busybox <applet>
<params>" from working.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
If it's disabled, code shrinks by about 900 bytes:
function old new delta
usr_bin 10 - -10
usr_sbin 11 - -11
install_dir 20 - -20
applet_install_loc 184 - -184
run_applet_and_exit 686 21 -665
------------------------------------------------------------------------------
(add/remove: 0/4 grow/shrink: 0/1 up/down: 0/-890) Total: -890 bytes
text data bss dec hex filename
911327 493 7336 919156 e0674 busybox_old
909848 493 7336 917677 e00ad busybox_unstripped
but busybox executable by itself does not say anything useful:
$ busybox
busybox: applet not found
Based on the patch by Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
run_applet_and_exit 758 755 -3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-3) Total: -3 bytes
In standalone shell mode the saving increases to 17 bytes.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The loop
for (j = ARRAY_SIZE(applet_nameofs)-1; j >= 0; j--) {
was intended to terminate when j goes negative, so j needs to be signed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The array applet_nameofs consumes two bytes per applet. It encodes
nofork/noexec flags
suid flags
the offset of the applet name in the applet_name string
Change the applet_table build tool to store the flags in two separate
arrays (applet_flags and applet_suid). Replace applet_nameofs[] with a
smaller version that only stores a limited number of offsets.
This requires changes to the macros APPLET_IS_NOFORK, APPLET_IS_NOEXEC
and APPLET_SUID.
According to Valgrind the original find_applet_by_name required
353 cycles per call, averaged over all names. Adjusting the number
of known offsets allows space to be traded off against execution time:
KNOWN_OFFSETS cycles bytes (wrt KNOWN_OFFSETS = 0)
0 9057 -
2 4604 32
4 2407 75
8 1342 98
16 908 130
32 884 194
This patch uses KNOWN_OFFSETS = 8.
v2:
Remove some dead code from the applet_table tool;
Treat the applet in the middle of the table as a special case.
v3:
Use the middle applet to adjust the start of the linear search as
well as the last applet found.
v4:
Use an augmented linear search in find_applet_by_name.
Drop the special treatment of the middle name from get_applet_name:
most of the advantage now derives from the last stored value.
v5:
Don't store index in applet_nameofs, it can be calculated.
v6:
Tweaks by Denys
function old new delta
find_applet_by_name 25 125 +100
applet_suid - 92 +92
run_applet_no_and_exit 452 460 +8
run_applet_and_exit 695 697 +2
applet_name_compare 31 - -31
applet_nameofs 734 14 -720
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 3/1 up/down: 202/-751) Total: -549 bytes
text data bss dec hex filename
925464 906 17160 943530 e65aa busybox_old
924915 906 17160 942981 e6385 busybox_unstripped
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
get_terminal_width - 17 +17
stty_main 1196 1197 +1
pstree_main 321 319 -2
ls_main 735 731 -4
watch_main 232 225 -7
bb_progress_update 714 706 -8
ps_main 555 543 -12
run_applet_and_exit 708 695 -13
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/6 up/down: 18/-46) Total: -28 byte
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
xget_uidgid 30 25 -5
make_device 2188 2183 -5
main 797 792 -5
get_uidgid 240 225 -15
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This patch removes stray empty line from busybox code
reported by script find_stray_empty_lines
Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
Signed-off-by: Akhilesh Kumar <akhilesh.k@samsung.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This also removes their help texts.
function old new delta
run_applet_no_and_exit 442 452 +10
packed_usage 30713 30625 -88
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Copyright years seem to be out of date, e.g. coreutils/truncate.c
has Copyright (C) 2015.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
|
|
function old new delta
is_prefixed_with - 18 +18
complete_username 78 77 -1
man_main 737 735 -2
fsck_device 429 427 -2
unpack_ar_archive 80 76 -4
strip_unsafe_prefix 105 101 -4
singlemount 1054 1050 -4
rtc_adjtime_is_utc 90 86 -4
resolve_mount_spec 88 84 -4
parse_one_line 1029 1025 -4
parse_conf 1460 1456 -4
may_wakeup 83 79 -4
loadkmap_main 219 215 -4
get_irqs_from_stat 103 99 -4
get_header_cpio 913 909 -4
findfs_main 79 75 -4
fbsplash_main 1230 1226 -4
load_crontab 776 771 -5
expand_vars_to_list 1151 1146 -5
date_main 881 876 -5
skip_dev_pfx 30 24 -6
make_device 2199 2193 -6
complete_cmd_dir_file 773 767 -6
run_applet_and_exit 715 708 -7
uudecode_main 321 313 -8
pwdx_main 197 189 -8
execute 568 560 -8
i2cdetect_main 1186 1176 -10
procps_scan 1242 1230 -12
procps_read_smaps 1017 1005 -12
process_module 746 734 -12
patch_main 1903 1891 -12
nfsmount 3572 3560 -12
stack_machine 126 112 -14
process_timer_stats 449 435 -14
match_fstype 111 97 -14
do_ipaddr 1344 1330 -14
open_list_and_close 359 343 -16
get_header_tar 1795 1779 -16
prepend_new_eth_table 340 323 -17
fsck_main 1811 1794 -17
find_iface_state 56 38 -18
dnsd_main 1321 1303 -18
base_device 179 158 -21
find_keyword 104 82 -22
handle_incoming_and_exit 2785 2762 -23
parse_and_put_prompt 774 746 -28
modinfo 347 317 -30
find_action 204 171 -33
update_passwd 1470 1436 -34
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/49 up/down: 18/-540) Total: -522 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
run_applet_no_and_exit 447 445 -2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
It is not clear why we were excluding init from this.
The "getpid() != 1" clause was there from the beginning (2001)
but not explained.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
When you build with FEATURE_INSTALLER disabled, you get a build
warning like so:
libbb/appletlib.c: In function 'busybox_main':
libbb/appletlib.c:691:7: warning: variable 'use_symbolic_links' set but
not used [-Wunused-but-set-variable]
int use_symbolic_links;
^
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
applet_name_compare 36 31 -5
find_applet_by_name 43 25 -18
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Existing copyright notice for binary would need to be longer to achieve
optimal accuracy. This compromise punts to the source for full notices,
but does note the years of the copyrights and that there are many authors,
all licensing under GPLv2.
Signed-off-by: Bradley M. Kuhn <bkuhn@ebb.org>
Signed-off-by: Tony Sebro <tony@sfconservancy.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Cristian Ionescu-Idbohrn <cii@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
main 785 809 +24
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
static.mode_mask - 20 +20
main 782 785 +3
static.mode_chars 15 13 -2
run_applet_no_and_exit 450 441 -9
mode_mask 24 - -24
------------------------------------------------------------------------------
(add/remove: 2/2 grow/shrink: 1/2 up/down: 41/-53) Total: -12 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
run_applet_no_and_exit 438 450 +12
ifupdown_main 2147 2149 +2
writeFileToTarball 1325 1326 +1
pidof_main 244 245 +1
last_main 896 897 +1
grep_main 779 780 +1
find_list_entry2 121 122 +1
tar_main 835 833 -2
llist_unlink 28 26 -2
llist_rev 23 21 -2
main 791 782 -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 7/4 up/down: 19/-15) Total: 4 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
parse_config_file 799 667 -132
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Marek Polacek <mpolacek@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|