summaryrefslogtreecommitdiff
path: root/util-linux
AgeCommit message (Collapse)Author
2017-07-07setpriv: allow modifying ambient capabilitiesPatrick Steinhardt
With Linux 4.3, a new set of capabilities has been introduced with the ambient capabilities. These aim to solve the problem that it was impossible to grant run programs with elevated privileges across non-root users. Quoting from capabilities(7): This is a set of capabilities that are preserved across an execve(2) of a program that is not privileged. The ambient capability set obeys the invariant that no capability can ever be ambient if it is not both permitted and inheritable. With this new set of capabilities it is now possible to run an executable with elevated privileges as a different user, making it much easier to do proper privilege separation. Note though that the `--ambient-caps` switch is not part of any released version of util-linux, yet. It has been applied in 0c92194ee (setpriv: support modifying the set of ambient capabilities, 2017-06-24) and will probably be part of v2.31. function old new delta parse_cap - 174 +174 setpriv_main 1246 1301 +55 .rodata 146307 146347 +40 static.setpriv_longopts 40 55 +15 packed_usage 32092 32079 -13 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07setpriv: allow modifying inheritable capsPatrick Steinhardt
The main use case of setpriv is to modify the current state of privileges available to the calling process and spawn a new executable with the modified, new state. Next to the already supported case of modifying the no-new-privs flag, util-linux also supports to modify capability sets. This commit introduces to add or drop capabilities from the set of inheritable capabilities. Quoting from capabilities(7): This is a set of capabilities preserved across an execve(2). Inheritable capabilities remain inheritable when executing any program, and inheritable capabilities are added to the permitted set when executing a program that has the corresponding bits set in the file inheritable set. As such, inheritable capabilities enable executing files with certain privileges if the file itself has these privileges set. Note though that inheritable capabilities are dropped across execve when running as a non-root user. function old new delta getcaps - 237 +237 setpriv_main 1129 1246 +117 .rodata 146198 146307 +109 static.setpriv_longopts 29 40 +11 packed_usage 32107 32092 -15 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump ambient capabilitiesPatrick Steinhardt
As with the previous commit, this commit introduces the ability to dump the set of ambient capabilities. function old new delta setpriv_main 982 1129 +147 .rodata 146148 146198 +50 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump capability bounding setPatrick Steinhardt
As with the previous commit, this one implements the ability to dump the capability bounding set. function old new delta setpriv_main 838 982 +144 .rodata 146101 146148 +47 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump inheritable capability setPatrick Steinhardt
The setpriv executable from util-linux also dumps out information on the different capability sets known by the kernel. By default, these are the inheritable capabilities, bounding capabilities and (not yet released) the ambient capabilities, which have been introduced with Linux 4.3. This patch introduces the ability to dump the set of inheritable capabilities. By default, setpriv(1) identifies capabilities by their human-readable name, for example 'net_admin'. For unknown capabilities, though, it does instead use the capability's value, for example 'cap_12', which is equivalent to 'net_admin'. As there is no kernel interface to retrieve capability names by their index, we have to declare these ourselves, which adds to setpriv's size. To counteract, using the human-readble name has been made configurable. The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES' enabled: function old new delta .rodata 145969 146405 +436 setpriv_main 467 842 +375 capabilities - 304 +304 And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled: function old new delta setpriv_main 467 838 +371 .rodata 145969 146101 +132 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06setpriv: dump no-new-privs infoPatrick Steinhardt
Introduce the ability to dump the state of the no-new-privs flag, which states whethere it is allowed to grant new privileges. function old new delta setpriv_main 419 467 +48 .rodata 145926 145969 +43 Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04setpriv: dump user and group infoDenys Vlasenko
setpriv from util-linux has an option to dump the current state regarding privilege settings via '--dump'. It prints out information on the real and effective user and group IDs, supplementary groups, the no-new-privs flag, the capability sets as well as secure bits. This patch is the start of supporting this mode. To make introduction of the '--dump' easier to reason about, its introduction has been split into multiple patches. This particular one introduces the ability to print out user and group information of the current process. function old new delta setpriv_main 89 322 +233 getresuid - 41 +41 getresgid - 41 +41 static.setpriv_longopts 22 29 +7 packed_usage 31675 31669 -6 ------------------------------------------------------------------------------ (add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6) Total: 316 bytes Patch by Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04setpriv: prepare option parsing logic for additional optsPatrick Steinhardt
The current option parsing logic of setpriv only supports the case where we want to execute a sub-program and have at most one argument. Refactor handling of options to solve these shortcomings to make it easy to support 'setpriv --dump', which does not accept any additional arguments, as well as the case where additional options are passed to setpriv. This is done by handling 'argc' ourselves, throwing an error when no program is specified, as well as introducing an enum for the different option bitmasks. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04setpriv: do not process remaining argsPatrick Steinhardt
By default, the 'getopt32' call will continue parsing the command line even after hitting a non-option string. But in setpriv, this should be avoided, as all parameters following the initial non-option argument are in fact arguments to the binary that is to be executed by setpriv. Otherwise, calling e.g. 'busybox setpriv ls -l' would result in an error due to the unknown parameter "-l". Fix the issue by passing "+" as the first character in the options string. This will cause 'getopt32' to stop processing after hitting the first non-option. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03fixes for bugs found by make_single_applets.shDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-14unshare: fix help text; select LONG_OPTS instead depending on themDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-14setpriv: new appletAssaf Gordon
Add a minimal 'setpriv' implementation supporting the NO_NEW_PRIVS bit. Typical usage: $ busybox setpriv sudo uname Linux $ busybox setpriv --nnp sudo uname sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? function old new delta packed_usage 31580 31685 +105 setpriv_main - 87 +87 prctl - 53 +53 static.setpriv_longopts - 22 +22 applet_names 2620 2628 +8 applet_main 1516 1520 +4 ------------------------------------------------------------------------------ (add/remove: 5/0 grow/shrink: 3/0 up/down: 279/0) Total: 279 bytes Signed-off-by: Assaf Gordon <assafgordon@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-17Spelling fixes in comments, documentation, tests and examplesDenys Vlasenko
By klemens <ka7@github.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-12libbb: GETOPT_RESET macroKaarle Ritvanen
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-12Sort more misplaced applets into coreutils or util-linuxDenys Vlasenko
No code changes Surprisingly, nice and renice are coming from different packages :) Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-12Sort some miscutils/ applets into coreutils or util-linuxDenys Vlasenko
No code changes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-11fallocate: new appletDenys Vlasenko
NAME fallocate - preallocate or deallocate space to a file SYNOPSIS fallocate [-c|-p|-z] [-o offset] -l length [-n] filename fallocate -d [-o offset] [-l length] filename DESCRIPTION fallocate is used to manipulate the allocated disk space for a file, either to deallocate or preallocate it. For filesystems which support the fallocate system call, preallocation is done quickly by allocating blocks and marking them as uninitialized, requiring no IO to the data blocks. This is much faster than creating a file by filling it with zeroes. function old new delta fallocate_main - 179 +179 applet_names 2597 2606 +9 applet_main 1504 1508 +4 applet_suid 94 95 +1 applet_install_loc 188 189 +1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-11fsfreeze: new appletDenys Vlasenko
NAME fsfreeze - suspend access to a filesystem (Ext3/4, ReiserFS, JFS, XFS) SYNOPSIS fsfreeze --freeze|--unfreeze mountpoint DESCRIPTION fsfreeze suspends or resumes access to a filesystem. fsfreeze halts any new access to the filesystem and creates a stable image on disk. AVAILABILITY The fsfreeze command is part of the util-linux 2.28 function old new delta fsfreeze_main - 81 +81 applet_names 2597 2606 +9 applet_main 1504 1508 +4 applet_suid 94 95 +1 applet_install_loc 188 189 +1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-03-24switch_root: don't bail out when console doesn't existAndrei Gherzan
Busybox is very often used in initramfs at the end of which usually there is a switch_root to the actual rootfs. There are many cases where the console kernel argument is either just a placeholder (for example RaspberryPi uses serial0 and serial1) or configured as null to avoid any console messages - usually you would see such of a setup in production environments. Currently busybox bails out if can't open the console argument. If this happenes in initramfs and if the console=null for example, you get in a blind kernel panic. Avoid this by only warning instead of dying. function old new delta switch_root_main 371 368 -3 Signed-off-by: Andrei Gherzan <andrei@gherzan.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-03-16Revert "umount: make -d always active, add -D to suppress it"Denys Vlasenko
This reverts commit 86a03bee1d3d6990c03bf500836b19ec8a1c1f12. Since now our "mount -oloop" creates AUTOCLEARed loopdevs, we no longer need our umount to destroy loopdevs to match the usual util-linux behaviour. Now this revert fixes another, opposite bug: "explicit" mount /dev/loopN and then umount must not drop loopdevs! User complaint is as follows: It seems LOOP_CLR_FD called on a loop-*partition* removes the mapping of the whole *device* - which results in the following: root@LEDE:/# loop=$(losetup -f) root@LEDE:/# echo ${loop} /dev/loop2 root@LEDE:/# losetup ${loop} /IMAGE root@LEDE:/# ls -l ${loop}* brw------- 1 root root 7, 2 Mar 6 20:09 /dev/loop2 root@LEDE:/# partprobe ${loop} root@LEDE:/# ls -l ${loop}* brw------- 1 root root 7, 2 Mar 6 20:09 /dev/loop2 brw------- 1 root root 259, 8 Mar 6 21:59 /dev/loop2p1 brw------- 1 root root 259, 9 Mar 6 21:59 /dev/loop2p2 brw------- 1 root root 259, 10 Mar 6 21:59 /dev/loop2p3 brw------- 1 root root 259, 11 Mar 6 21:59 /dev/loop2p4 brw------- 1 root root 259, 12 Mar 6 21:59 /dev/loop2p5 brw------- 1 root root 259, 13 Mar 6 21:59 /dev/loop2p6 brw------- 1 root root 259, 14 Mar 6 21:59 /dev/loop2p7 brw------- 1 root root 259, 15 Mar 6 21:59 /dev/loop2p8 root@LEDE:/# mount ${loop}p8 /MOUNT # mount loop partition root@LEDE:/# losetup -a | grep $loop # loop dev mapping still there /dev/loop2: 0 /mnt/IMAGE root@LEDE:/# strace umount /MOUNT 2> /log # unmount loop partition root@LEDE:/# losetup -a | grep ${loop} # loop device mapping is gone root@LEDE:/# grep -i loop /log open("/dev/loop2p7", O_RDONLY|O_LARGEFILE) = 3 ioctl(3, LOOP_CLR_FD) = 0 root@LEDE:/# The strace was done to figure out, if maybe umount wrongly ioctl()'s the parent device instead of the partition - it doesn't. I already wasn't a fan of umount implicitly removing the mapping in the first place (as I usually setup and release loop devices with `losetup` and scripts needed to call umount differently in order to work and outside busybox). However taking above (kernel-)behaviour into account - umount calling ioctl(LOOP_CLR_FD) unconditionally potentially causes some nasty side effects Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-03-16mount: create loop devices with LO_FLAGS_AUTOCLEAR flagDenys Vlasenko
The "autolooped" mount (mount [-oloop] IMAGE /DIR/DIR) always creates AUTOCLEARed loopdevs, so that umounting drops them (and this does not require any code in the umount userspace). This happens since circa linux-2.6.25: commit 96c5865559cee0f9cbc5173f3c949f6ce3525581 Date: Wed Feb 6 01:36:27 2008 -0800 Subject: Allow auto-destruction of loop devices IOW: in this case, umount does not have to use -d to drop the loopdev. The explicit loop mount (mount /dev/loopN /DIR/DIR) does not do this. In this case, umount without -d should not drop loopdev. Unfortunately, bbox umount currently always implies -d, this probably needs fixing. function old new delta set_loop 537 597 +60 singlemount 1101 1138 +37 losetup_main 419 432 +13 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/0 up/down: 110/0) Total: 110 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-30libbb: match_fstype() is unreadable in the extreme, fixing itDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-29*: add comment about APPLET_ODDNAME formatDenys Vlasenko
It confused me more than once Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-25xxd: make -p output lines actually end with a newlineDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-25xxd: implement -pDenys Vlasenko
While at it, tweaked hexdump --help function old new delta xxd_main 364 414 +50 packed_usage 31097 31114 +17 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-25hexdump/xxd: a bit more condensed formatsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-25xxd: new appletDenys Vlasenko
Yet Another Hexdumper function old new delta xxd_main - 364 +364 packed_usage 31046 31116 +70 applet_names 2560 2564 +4 applet_main 1476 1480 +4 rewrite 1022 1013 -9 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 3/1 up/down: 442/-9) Total: 433 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21make --help texts more uniformDenys Vlasenko
function old new delta packed_usage 31062 31035 -27 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20rdate: time(NULL) is shorter than time(&var)Denys Vlasenko
function old new delta rdate_main 251 246 -5 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20rdate: make it do something remotely sane, facing 32-bit time overflowDenys Vlasenko
function old new delta rdate_main 251 254 +3 packed_usage 31029 31023 -6 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19fdisk: add typical values of -H and -S to --helpDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11libbb: consolidate the code to set termios unbuffered modeDenys Vlasenko
function old new delta set_termios_to_raw - 116 +116 count_lines 72 74 +2 powertop_main 1458 1430 -28 top_main 943 914 -29 more_main 759 714 -45 fsck_minix_main 2969 2921 -48 conspy_main 1197 1135 -62 rawmode 99 36 -63 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 1/6 up/down: 118/-275) Total: -157 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-11more: hardcode FEATURE_USE_TERMIOS=y in this applet; code shrinkDenys Vlasenko
function old new delta get_wh - 27 +27 tcsetattr_tty_TCSANOW - 18 +18 gotsig 35 27 -8 more_main 835 759 -76 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 0/2 up/down: 45/-84) Total: -39 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-10Big cleanup in config help and descriptionDenys Vlasenko
Redundant help texts (one which only repeats the description) are deleted. Descriptions and help texts are trimmed. Some config options are moved, even across menus. No config option _names_ are changed. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-12-12df: implement -B n<suff> and -B <suff> formats of -B optionDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-28Code style fixes, no code changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-27fdisk_gpt: simplify GPT partition name printingDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-27fdisk: sanitize partition name printing; drop "Code" column; get rid of one ↵Denys Vlasenko
static var function old new delta list_table 2335 2373 +38 fill_bounds 131 128 -3 part_array_len 4 - -4 get_boot 1584 1574 -10 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/2 up/down: 38/-17) Total: 21 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Make "hd" independently selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-23Convert all util-linux/* applets to "new style" applet definitionsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-16Make mkfs.vfat and mkdosfs individually selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-16Make mke2fs and mkfs.ext2 individually selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-14Make swapon and swapoff individually selectable.Denys Vlasenko
For example, without swapoff, code shrinks by 277 bytes. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-11-13Make setarch/linux32/linux64 independently selectableDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-11more: accept and ignore a bunch of optionsDenys Vlasenko
Alpine Linux stumbled over "more -s": http://bugs.alpinelinux.org/issues/5190 function old new delta more_main 857 872 +15 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-27mount: for cifs, dont insert "ip=ADDR" option if user gave it explicitlyDenys Vlasenko
This makes it possible to use scoped IPv6 addresses: mount -t cifs -o ip=<ADDR>%<iface_id> //<ADDR>/test test Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26mount: tweak "IPv6 scoped addr" commitDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26libbb: make xmalloc_sockaddr2dotted use NI_NUMERICSCOPEDenys Vlasenko
Gives "mount -t cifs //fe80::6a05:caff:fe3e:dbf5%eth0/test test" a chance to work: mount must pass "ip=numeric_IPv6%numeric_iface_id" in the omunt option string. Currently, it does not. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-17fdisk: fix CONFIG_FEATURE_SUN_LABEL=y buildDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-07mdev: create devices from /sys/devDenys Vlasenko
Currently some new devices that have a bus but no class will be missed by mdev coldplug device creation after boot. This happens because mdev recursively searches /sys/class which will by definition only find class devices. Some important devices such as iio and gpiochip does not have a class. But users will need them. This switches from using /sys/class as the place to look for devices to create to using /sys/dev where all char and block devices are listed. The subsystem lookup code that provide the G.subsystem environment variable is changed from using the directory name of the class device to instead dereference the "subsystem" symlink for the device, and look at the last element of the path of the symlink for the subsystem, which will work with class devices and bus devices alike. (The new bus-only devices only symlink to the /sys/bus/* hierarchy.) We delete the legacy kernel v2.6.2x /sys/block device path code as part of this change. It's too old to be kept alive. Tested on kernel v4.6-rc2 with a bunch of devices, including some IIO and gpiochip devices. With a print inserted before make_device() the log looks like so: Create device from "/sys/dev/char/1:1", subsystem "mem" Create device from "/sys/dev/char/1:2", subsystem "mem" Create device from "/sys/dev/char/1:3", subsystem "mem" Create device from "/sys/dev/char/1:5", subsystem "mem" (...) Create device from "/sys/dev/block/179:56", subsystem "block" Create device from "/sys/dev/block/179:64", subsystem "block" function old new delta mdev_main 1388 1346 -42 dirAction 134 14 -120 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-162) Total: -162 bytes Cc: Isaac Dunham <ibid.ag@gmail.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jonathan Cameron <jic23@cam.ac.uk> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>