summaryrefslogtreecommitdiff
path: root/util-linux
AgeCommit message (Collapse)Author
2017-08-09ipcrm,ipcs: make them NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-09ipcrm: code shrinkDenys Vlasenko
function old new delta ipcrm_main 698 663 -35 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08getopt32: remove opt_complementaryDenys Vlasenko
function old new delta vgetopt32 1318 1392 +74 runsvdir_main 703 713 +10 bb_make_directory 423 425 +2 collect_cpu 546 545 -1 opt_chars 3 - -3 opt_complementary 4 - -4 tftpd_main 567 562 -5 ntp_init 476 471 -5 zcip_main 1266 1256 -10 xxd_main 428 418 -10 whois_main 140 130 -10 who_main 463 453 -10 which_main 212 202 -10 wget_main 2535 2525 -10 watchdog_main 291 281 -10 watch_main 222 212 -10 vlock_main 399 389 -10 uuencode_main 332 322 -10 uudecode_main 316 306 -10 unlink_main 45 35 -10 udhcpd_main 1482 1472 -10 udhcpc_main 2762 2752 -10 tune2fs_main 290 280 -10 tunctl_main 366 356 -10 truncate_main 218 208 -10 tr_main 518 508 -10 time_main 1134 1124 -10 tftp_main 286 276 -10 telnetd_main 1873 1863 -10 tcpudpsvd_main 1785 1775 -10 taskset_main 521 511 -10 tar_main 1009 999 -10 tail_main 1644 1634 -10 syslogd_main 1967 1957 -10 switch_root_main 368 358 -10 svlogd_main 1454 1444 -10 sv 1296 1286 -10 stat_main 104 94 -10 start_stop_daemon_main 1028 1018 -10 split_main 542 532 -10 sort_main 796 786 -10 slattach_main 624 614 -10 shuf_main 504 494 -10 setsid_main 96 86 -10 setserial_main 1132 1122 -10 setfont_main 388 378 -10 setconsole_main 78 68 -10 sendmail_main 1209 1199 -10 sed_main 677 667 -10 script_main 1077 1067 -10 run_parts_main 325 315 -10 rtcwake_main 454 444 -10 rm_main 175 165 -10 reformime_main 119 109 -10 readlink_main 123 113 -10 rdate_main 246 236 -10 pwdx_main 189 179 -10 pstree_main 317 307 -10 pscan_main 663 653 -10 popmaildir_main 818 808 -10 pmap_main 80 70 -10 nc_main 1042 1032 -10 mv_main 558 548 -10 mountpoint_main 477 467 -10 mount_main 1264 1254 -10 modprobe_main 768 758 -10 modinfo_main 333 323 -10 mktemp_main 200 190 -10 mkswap_main 324 314 -10 mkfs_vfat_main 1489 1479 -10 microcom_main 715 705 -10 md5_sha1_sum_main 521 511 -10 man_main 867 857 -10 makedevs_main 1052 1042 -10 ls_main 563 553 -10 losetup_main 432 422 -10 loadfont_main 89 79 -10 ln_main 524 514 -10 link_main 75 65 -10 ipcalc_main 544 534 -10 iostat_main 2397 2387 -10 install_main 768 758 -10 id_main 480 470 -10 i2cset_main 1239 1229 -10 i2cget_main 380 370 -10 i2cdump_main 1482 1472 -10 i2cdetect_main 682 672 -10 hwclock_main 406 396 -10 httpd_main 741 731 -10 grep_main 837 827 -10 getty_main 1559 1549 -10 fuser_main 297 287 -10 ftpgetput_main 345 335 -10 ftpd_main 2232 2222 -10 fstrim_main 251 241 -10 fsfreeze_main 77 67 -10 fsck_minix_main 2921 2911 -10 flock_main 314 304 -10 flashcp_main 740 730 -10 flash_eraseall_main 833 823 -10 fdformat_main 532 522 -10 expand_main 680 670 -10 eject_main 335 325 -10 dumpleases_main 630 620 -10 du_main 314 304 -10 dos2unix_main 441 431 -10 diff_main 1350 1340 -10 df_main 1064 1054 -10 date_main 1095 1085 -10 cut_main 961 951 -10 cryptpw_main 228 218 -10 crontab_main 575 565 -10 crond_main 1149 1139 -10 cp_main 370 360 -10 common_traceroute_main 3834 3824 -10 common_ping_main 1767 1757 -10 comm_main 239 229 -10 cmp_main 655 645 -10 chrt_main 379 369 -10 chpst_main 704 694 -10 chpasswd_main 308 298 -10 chown_main 171 161 -10 chmod_main 158 148 -10 cat_main 428 418 -10 bzip2_main 120 110 -10 blkdiscard_main 264 254 -10 base64_main 221 211 -10 arping_main 1665 1655 -10 ar_main 556 546 -10 adjtimex_main 406 396 -10 adduser_main 882 872 -10 addgroup_main 411 401 -10 acpid_main 1198 1188 -10 optstring 11 - -11 opt_string 18 - -18 OPT_STR 25 - -25 ubi_tools_main 1288 1258 -30 ls_options 31 - -31 ------------------------------------------------------------------------------ (add/remove: 0/6 grow/shrink: 3/129 up/down: 86/-1383) Total: -1297 bytes text data bss dec hex filename 915428 485 6876 922789 e14a5 busybox_old 914629 485 6872 921986 e1182 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08getopt32: remove applet_long_optionsDenys Vlasenko
FEATURE_GETOPT_LONG made dependent on LONG_OPTS. The folloving options are removed, now LONG_OPTS enables long options for affected applets: FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS They either had a small number of long options, or their long options are essential. Example: upstream addgroup and adduser have ONLY longopts, we should probably go further and get rid of non-standard short options. To this end, make addgroup and adduser "select LONG_OPTS". We had this breakage caused by us even in our own package! #if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP /* We try to use --gid, not -g, because "standard" addgroup * has no short option -g, it has only long --gid. */ argv[1] = (char*)"--gid"; #else /* Breaks if system in fact does NOT use busybox addgroup */ argv[1] = (char*)"-g"; #endif xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS. hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime Shorten help texts by omitting long option when short opt alternative exists. Reduction of size comes from the fact that store of an immediate (an address of longopts) to a fixed address (global variable) is a longer insn than pushing that immediate or passing it in a register. This effect is CPU-agnostic. function old new delta getopt32 1350 22 -1328 vgetopt32 - 1318 +1318 getopt32long - 24 +24 tftpd_main 562 567 +5 scan_recursive 376 380 +4 collect_cpu 545 546 +1 date_main 1096 1095 -1 hostname_main 262 259 -3 uname_main 259 255 -4 setpriv_main 362 358 -4 rmdir_main 191 187 -4 mv_main 562 558 -4 ipcalc_main 548 544 -4 ifenslave_main 641 637 -4 gzip_main 192 188 -4 gunzip_main 77 73 -4 fsfreeze_main 81 77 -4 flock_main 318 314 -4 deluser_main 337 333 -4 cp_main 374 370 -4 chown_main 175 171 -4 applet_long_options 4 - -4 xargs_main 894 889 -5 wget_main 2540 2535 -5 udhcpc_main 2767 2762 -5 touch_main 436 431 -5 tar_main 1014 1009 -5 start_stop_daemon_main 1033 1028 -5 sed_main 682 677 -5 script_main 1082 1077 -5 run_parts_main 330 325 -5 rtcwake_main 459 454 -5 od_main 2169 2164 -5 nl_main 201 196 -5 modprobe_main 773 768 -5 mkdir_main 160 155 -5 ls_main 568 563 -5 install_main 773 768 -5 hwclock_main 411 406 -5 getopt_main 622 617 -5 fstrim_main 256 251 -5 env_main 198 193 -5 dumpleases_main 635 630 -5 dpkg_main 3991 3986 -5 diff_main 1355 1350 -5 cryptpw_main 233 228 -5 cpio_main 593 588 -5 conspy_main 1135 1130 -5 chpasswd_main 313 308 -5 adduser_main 887 882 -5 addgroup_main 416 411 -5 ftpgetput_main 351 345 -6 get_terminal_width_height 242 234 -8 expand_main 690 680 -10 static.expand_longopts 18 - -18 static.unexpand_longopts 27 - -27 mkdir_longopts 28 - -28 env_longopts 30 - -30 static.ifenslave_longopts 34 - -34 mv_longopts 46 - -46 static.rmdir_longopts 48 - -48 packed_usage 31739 31687 -52 ------------------------------------------------------------------------------ (add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes text data bss dec hex filename 915681 485 6880 923046 e15a6 busybox_old 915428 485 6876 922789 e14a5 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08*: fix up use of "getopt_longopts" for longopts not in getopt appletDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08ipcalc,rdev: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07freeramdisk: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07losetup: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07fatattr: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07users,w,who,uptime,renice: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07script: -f means "flush", not "fsync"Denys Vlasenko
function old new delta packed_usage 31765 31768 +3 script_main 1102 1082 -20 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07script: make -t[FILE] compatible with util-linuxDenys Vlasenko
function old new delta script_main 1056 1102 +46 packed_usage 31736 31765 +29 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 75/0) Total: 75 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07script: make -t independent of scriptreplayDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06sv,svc: fix NOEXEC falloutDenys Vlasenko
function old new delta svc_main 145 162 +17 sv 1280 1297 +17 status 139 133 -6 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/1 up/down: 34/-6) Total: 28 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06readprofile: do not close/free just before exitingDenys Vlasenko
function old new delta readprofile_main 1784 1762 -22 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06blkdiscard: make it NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06blkid: make it NOEXEC, make FEATURE_BLKID_TYPE=y defaultDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05lspci,lsscsi,lsusb: make them NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05umount: make it NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05pivot_root: make it NOFORKDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05blockdev, fsfreeze, fstrim, mountpoint: make NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04make 17 state-changing execing applets (ex: "nice PROG ARGS") noexecDenys Vlasenko
The applets with "<applet> [opts] PROG ARGS" API very quickly exec another program, noexec is okay for them: chpst/envdir/envuidgid/softlimit/setuidgid chroot chrt ionice nice nohup setarch/linux32/linux64 taskset cttyhack "reset" and "sulogin" applets don't have this form, but also exec another program at once, thus made noexec too. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04mesg: make in NOFORKDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04chat: trim help textDenys Vlasenko
Noticed while auditing nofork/noexec status function old new delta packed_usage 31777 31747 -30 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-03getopt: make it NOEXECDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02line editing: make read_line_input() not take timeout paramDenys Vlasenko
It's almost always -1. function old new delta read_line_input 3902 3912 +10 new_line_input_t 24 31 +7 pgetc 583 585 +2 save_command_ps_at_cur_history 80 78 -2 read_line 76 74 -2 fgetc_interactive 246 244 -2 addLines 84 82 -2 doCommands 2226 2222 -4 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/5 up/down: 19/-12) Total: 7 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-02do not use `a' quoting style in commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27config: more tweaking of help textsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27rdate: tweak comments, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27swapon: do not use FEATURE_MOUNT_LABEL, have your own FEATURE_SWAPONOFF_LABELDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-27config: trim/improve item names and help texts, take 2Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-25volume_id: enable minix detectionDenys Vlasenko
function old new delta volume_id_probe_minix - 87 +87 fs2 64 68 +4 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 1/0 up/down: 91/0) Total: 91 bytes Patch by wdlkmpx <wdlkmpx@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-21config: deindent all help textsDenys Vlasenko
Those two spaces after tab have no effect, and always a nuisance when editing. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-19swapon/swapoff: trim config help textDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-19Update remaining menuconfig items with approximate applet sizesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-18Update menuconfig items with approximate applet sizesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15fix more instances of ": $((a++))" in shell scriptsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15blkdiscard: provide our own BLK[SEC]DISCARD if necessaryDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-10inetd,mount: do not die if uclibc without RPC is detectedDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: remove dependency on libcap headersDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: factor out capability name printingDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: code shrink, and grouping capability code togetherDenys Vlasenko
function old new delta static.versions - 3 +3 getcaps 174 149 -25 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: allow modifying ambient capabilitiesPatrick Steinhardt
With Linux 4.3, a new set of capabilities has been introduced with the ambient capabilities. These aim to solve the problem that it was impossible to grant run programs with elevated privileges across non-root users. Quoting from capabilities(7): This is a set of capabilities that are preserved across an execve(2) of a program that is not privileged. The ambient capability set obeys the invariant that no capability can ever be ambient if it is not both permitted and inheritable. With this new set of capabilities it is now possible to run an executable with elevated privileges as a different user, making it much easier to do proper privilege separation. Note though that the `--ambient-caps` switch is not part of any released version of util-linux, yet. It has been applied in 0c92194ee (setpriv: support modifying the set of ambient capabilities, 2017-06-24) and will probably be part of v2.31. function old new delta parse_cap - 174 +174 setpriv_main 1246 1301 +55 .rodata 146307 146347 +40 static.setpriv_longopts 40 55 +15 packed_usage 32092 32079 -13 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: allow modifying inheritable capsPatrick Steinhardt
The main use case of setpriv is to modify the current state of privileges available to the calling process and spawn a new executable with the modified, new state. Next to the already supported case of modifying the no-new-privs flag, util-linux also supports to modify capability sets. This commit introduces to add or drop capabilities from the set of inheritable capabilities. Quoting from capabilities(7): This is a set of capabilities preserved across an execve(2). Inheritable capabilities remain inheritable when executing any program, and inheritable capabilities are added to the permitted set when executing a program that has the corresponding bits set in the file inheritable set. As such, inheritable capabilities enable executing files with certain privileges if the file itself has these privileges set. Note though that inheritable capabilities are dropped across execve when running as a non-root user. function old new delta getcaps - 237 +237 setpriv_main 1129 1246 +117 .rodata 146198 146307 +109 static.setpriv_longopts 29 40 +11 packed_usage 32107 32092 -15 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump ambient capabilitiesPatrick Steinhardt
As with the previous commit, this commit introduces the ability to dump the set of ambient capabilities. function old new delta setpriv_main 982 1129 +147 .rodata 146148 146198 +50 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump capability bounding setPatrick Steinhardt
As with the previous commit, this one implements the ability to dump the capability bounding set. function old new delta setpriv_main 838 982 +144 .rodata 146101 146148 +47 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump inheritable capability setPatrick Steinhardt
The setpriv executable from util-linux also dumps out information on the different capability sets known by the kernel. By default, these are the inheritable capabilities, bounding capabilities and (not yet released) the ambient capabilities, which have been introduced with Linux 4.3. This patch introduces the ability to dump the set of inheritable capabilities. By default, setpriv(1) identifies capabilities by their human-readable name, for example 'net_admin'. For unknown capabilities, though, it does instead use the capability's value, for example 'cap_12', which is equivalent to 'net_admin'. As there is no kernel interface to retrieve capability names by their index, we have to declare these ourselves, which adds to setpriv's size. To counteract, using the human-readble name has been made configurable. The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES' enabled: function old new delta .rodata 145969 146405 +436 setpriv_main 467 842 +375 capabilities - 304 +304 And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled: function old new delta setpriv_main 467 838 +371 .rodata 145969 146101 +132 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump no-new-privs infoPatrick Steinhardt
Introduce the ability to dump the state of the no-new-privs flag, which states whethere it is allowed to grant new privileges. function old new delta setpriv_main 419 467 +48 .rodata 145926 145969 +43 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04setpriv: dump user and group infoDenys Vlasenko
setpriv from util-linux has an option to dump the current state regarding privilege settings via '--dump'. It prints out information on the real and effective user and group IDs, supplementary groups, the no-new-privs flag, the capability sets as well as secure bits. This patch is the start of supporting this mode. To make introduction of the '--dump' easier to reason about, its introduction has been split into multiple patches. This particular one introduces the ability to print out user and group information of the current process. function old new delta setpriv_main 89 322 +233 getresuid - 41 +41 getresgid - 41 +41 static.setpriv_longopts 22 29 +7 packed_usage 31675 31669 -6 ------------------------------------------------------------------------------ (add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6) Total: 316 bytes Patch by Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04setpriv: prepare option parsing logic for additional optsPatrick Steinhardt
The current option parsing logic of setpriv only supports the case where we want to execute a sub-program and have at most one argument. Refactor handling of options to solve these shortcomings to make it easy to support 'setpriv --dump', which does not accept any additional arguments, as well as the case where additional options are passed to setpriv. This is done by handling 'argc' ourselves, throwing an error when no program is specified, as well as introducing an enum for the different option bitmasks. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>