Commit Graph

15144 Commits

Author SHA1 Message Date
Denys Vlasenko
b0c0b6d5ba setpriv: remove dependency on libcap headers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 17:59:40 +02:00
Denys Vlasenko
2bfe7838ab setpriv: factor out capability name printing
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 16:09:45 +02:00
Denys Vlasenko
cf5748cc89 setpriv: code shrink, and grouping capability code together
function                                             old     new   delta
static.versions                                        -       3      +3
getcaps                                              174     149     -25

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 16:00:07 +02:00
Patrick Steinhardt
6842d00ceb setpriv: allow modifying ambient capabilities
With Linux 4.3, a new set of capabilities has been introduced with the
ambient capabilities. These aim to solve the problem that it was
impossible to grant run programs with elevated privileges across
non-root users. Quoting from capabilities(7):

    This is a set of capabilities that are preserved across an execve(2)
    of a program that is not privileged.  The ambient capability set
    obeys the invariant that no capability can ever be ambient if it is
    not both permitted and inheritable.

With this new set of capabilities it is now possible to run an
executable with elevated privileges as a different user, making it much
easier to do proper privilege separation.

Note though that the `--ambient-caps` switch is not part of any released
version of util-linux, yet. It has been applied in 0c92194ee (setpriv:
support modifying the set of ambient capabilities, 2017-06-24) and will
probably be part of v2.31.

function                                             old     new   delta
parse_cap                                              -     174    +174
setpriv_main                                        1246    1301     +55
.rodata                                           146307  146347     +40
static.setpriv_longopts                               40      55     +15
packed_usage                                       32092   32079     -13

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 02:14:23 +02:00
Patrick Steinhardt
0f49f6f926 setpriv: allow modifying inheritable caps
The main use case of setpriv is to modify the current state of
privileges available to the calling process and spawn a new executable
with the modified, new state. Next to the already supported case of
modifying the no-new-privs flag, util-linux also supports to modify
capability sets.

This commit introduces to add or drop capabilities from the set of
inheritable capabilities. Quoting from capabilities(7):

    This is a set of capabilities preserved across an execve(2).
    Inheritable capabilities remain inheritable when executing any
    program, and inheritable capabilities are added to the permitted set
    when executing a program that has the corresponding bits set in the
    file inheritable set.

As such, inheritable capabilities enable executing files with certain
privileges if the file itself has these privileges set. Note though that
inheritable capabilities are dropped across execve when running as a
non-root user.

function                                             old     new   delta
getcaps                                                -     237    +237
setpriv_main                                        1129    1246    +117
.rodata                                           146198  146307    +109
static.setpriv_longopts                               29      40     +11
packed_usage                                       32107   32092     -15

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 01:59:45 +02:00
Patrick Steinhardt
5e0987405c setpriv: dump ambient capabilities
As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.

function                                             old     new   delta
setpriv_main                                         982    1129    +147
.rodata                                           146148  146198     +50

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 23:02:33 +02:00
Patrick Steinhardt
f34c701fa8 setpriv: dump capability bounding set
As with the previous commit, this one implements the ability to dump the
capability bounding set.

function                                             old     new   delta
setpriv_main                                         838     982    +144
.rodata                                           146101  146148     +47

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:59:23 +02:00
Patrick Steinhardt
ad63102943 setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.

By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.

To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:

function                                             old     new   delta
.rodata                                           145969  146405    +436
setpriv_main                                         467     842    +375
capabilities                                           -     304    +304

And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:

function                                             old     new   delta
setpriv_main                                         467     838    +371
.rodata                                           145969  146101    +132

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
Patrick Steinhardt
10c53b85c9 setpriv: dump no-new-privs info
Introduce the ability to dump the state of the no-new-privs flag, which
states whethere it is allowed to grant new privileges.

function                                             old     new   delta
setpriv_main                                         419     467     +48
.rodata                                           145926  145969     +43

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:27:22 +02:00
Denys Vlasenko
111cdcf295 shell: sync redir/* tests
Note: hush-redir/redir_to_bad_fd.tests currently fails

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 21:01:50 +02:00
Denys Vlasenko
1ff1a75710 ash: rename redir5.tests (hush has redir5.tests which is different)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 21:00:19 +02:00
Denys Vlasenko
50b8b2914b hush: add a TODO about redir3.tests failure
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 20:57:37 +02:00
Denys Vlasenko
a107ef2a6a hush: rename hush-redir/redir3.tests (ash has redir3.tests which id different)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 20:36:40 +02:00
Denys Vlasenko
e59591a364 hush: Print error messages on shift -1
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 20:12:44 +02:00
Denys Vlasenko
74d20e6379 typo fix
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 19:50:42 +02:00
Denys Vlasenko
5dad7bdc3b hush: implement negative start in the ${v: -n[:m]} idiom
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 19:48:20 +02:00
Denys Vlasenko
3234045d07 hush: "adopt" ash var-utf8-length.tests
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 19:29:23 +02:00
Denys Vlasenko
7456298472 hush: "adopt" ash signal4.tests
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 18:40:45 +02:00
Denys Vlasenko
b18b04c8a8 shell: remove duplicate sigint1.tests (another copies are in signals/)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 18:37:30 +02:00
Denys Vlasenko
cafb2d195d hush: add tickquote1.tests from ash testsuite
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 18:31:47 +02:00
Denys Vlasenko
bb963bda62 shell: syncronize ash and hush heredoc3.tests
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 18:19:35 +02:00
Denys Vlasenko
959cb67428 shell: syncronize ash and hush heredoc1.tests
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 18:16:18 +02:00
Denys Vlasenko
9a8ece5158 shell: syncronize ash_test/run-all and hush_test/run-all a bit
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 17:59:25 +02:00
Denys Vlasenko
3c9688e587 makedevs: code shrink
function                                             old     new   delta
makedevs_main                                       1071    1052     -19

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 02:17:24 +02:00
Denys Vlasenko
3532e60ca8 makedevs: allow much longer filenames
function                                             old     new   delta
makedevs_main                                       1056    1071     +15

Patch by Kang-Che Sung <explorer09@gmail.com>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 02:04:32 +02:00
Denys Vlasenko
637982f5bb hush: correctly handle quoting in "case" even if !BASH_PATTERN_SUBST
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 01:52:23 +02:00
Peter Korsgaard
d13c1762a8 dpkg: fix CONFIG_FEATURE_CLEAN_UP handling
dpkg moved to away from dynamically allocating the hashtables in commit
c87339d584 (dpkg: trivial code shrinkage, and redo G trick correctly) almost
ten years ago, but the cleanup code was never adjusted to match.

Glibc loudly complains about this:

*** Error in `dpkg': free(): invalid pointer: 0x0000007fac3478c0 ***

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 23:15:13 +02:00
Denys Vlasenko
bd43c6784f hush: fix quoted_punct.tests failure
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 23:12:15 +02:00
Denys Vlasenko
4142f0187d ash: fix escaping of a few characters (broken by last commits)
Add a testcase which tests all ASCII punctuation escapes.
NB: hush is failing this test!

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 22:19:28 +02:00
Denys Vlasenko
ed79a63623 ash: tweak in comment
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 19:20:43 +02:00
Denys Vlasenko
92b8d9c9fa ash: note which versions of glibc exhibit "rho bug"
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 19:13:44 +02:00
Denys Vlasenko
fda9fafe27 ash: fix matching of unicode greek letter rho (cf 81) and similar cases
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-05 19:10:21 +02:00
Denys Vlasenko
6798486141 setpriv: dump user and group info
setpriv from util-linux has an option to dump the current state
regarding privilege settings via '--dump'. It prints out information on
the real and effective user and group IDs, supplementary groups, the
no-new-privs flag, the capability sets as well as secure bits.

This patch is the start of supporting this mode. To make introduction of
the '--dump' easier to reason about, its introduction has been split
into multiple patches. This particular one introduces the ability to
print out user and group information of the current process.

function                                             old     new   delta
setpriv_main                                          89     322    +233
getresuid                                              -      41     +41
getresgid                                              -      41     +41
static.setpriv_longopts                               22      29      +7
packed_usage                                       31675   31669      -6
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6)            Total: 316 bytes

Patch by Patrick Steinhardt <ps@pks.im>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 18:59:11 +02:00
Denys Vlasenko
a8cf9c5a3f libbb: new function bb_getgroups() - allocating wrapper around getgroups()
function                                             old     new   delta
bb_getgroups                                           -     111    +111
nexpr                                                843     757     -86
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/1 up/down: 111/-86)            Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 18:56:45 +02:00
Patrick Steinhardt
6a3bcf340a setpriv: prepare option parsing logic for additional opts
The current option parsing logic of setpriv only supports the case where
we want to execute a sub-program and have at most one argument. Refactor
handling of options to solve these shortcomings to make it easy to
support 'setpriv --dump', which does not accept any additional
arguments, as well as the case where additional options are passed to
setpriv. This is done by handling 'argc' ourselves, throwing an error
when no program is specified, as well as introducing an enum for the
different option bitmasks.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 17:15:32 +02:00
Patrick Steinhardt
d253b557a3 setpriv: do not process remaining args
By default, the 'getopt32' call will continue parsing the command line
even after hitting a non-option string. But in setpriv, this should be
avoided, as all parameters following the initial non-option argument are
in fact arguments to the binary that is to be executed by setpriv.
Otherwise, calling e.g. 'busybox setpriv ls -l' would result in an error
due to the unknown parameter "-l".

Fix the issue by passing "+" as the first character in the options
string. This will cause 'getopt32' to stop processing after hitting the
first non-option.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 17:10:31 +02:00
Denys Vlasenko
558aae1a33 tls: use capped SNI len everywhere
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 16:52:45 +02:00
Denys Vlasenko
034ceabe82 bzcat: compile bunzip2_main() if BZCAT.
Currently, BZCAT (and BUNZIP2) selects FEATURE_BZIP2_DECOMPRESS,
thus, "#if ENABLE_FEATURE_BZIP2_DECOMPRESS" around bunzip2_main()
is sufficient. But let's robustify it.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 16:23:36 +02:00
Denys Vlasenko
d1f222c3b0 Change BB_EXTRA_VERSION: now it needs to contain any spaces/parenthesis
Before this change, BB_EXTRA_VERSION of "" resulted in:

	"BusyBox v1.28.0.git () multi-call binary"

message, after the fix it is:

	"BusyBox v1.28.0.git multi-call binary"

While at it, eliminate BB_BT and BANNER single-use macros.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 16:01:12 +02:00
Denys Vlasenko
d4e4fdb5ce fixes for bugs found by make_single_applets.sh
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 21:31:16 +02:00
Denys Vlasenko
2e989ef232 msh: delete this applet
It's deprecated since 2009 and interferes with make_single_applets.sh tests.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 16:56:37 +02:00
Denys Vlasenko
f82be93c1c Start 1.28.0 development cycle
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 13:41:18 +02:00
Denys Vlasenko
ceaffde511 Bump version to 1.27.0
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 13:40:46 +02:00
Denys Vlasenko
7fdb764e2e scripts/randomtest: update things which can't be tested on uclibc
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 02:33:08 +02:00
Denys Vlasenko
4ee824f6ba randomconfig fixes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-03 01:22:13 +02:00
Denys Vlasenko
48c803a206 ash: fix $HOME/.profile reading if !ASH_EXPAND_PRMT, take 2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-01 23:26:12 +02:00
Denys Vlasenko
e9aba3e7ea ash: fix 'trap - 65'
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-01 21:09:27 +02:00
Denys Vlasenko
ba4fbca8a8 udhcpc6: make -O OPT work
Patch is based on work by tiggerswelt.net.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-28 19:18:17 +02:00
Denys Vlasenko
ae2b9f286c modutils: delete unused replace_underscores()
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-28 19:10:29 +02:00
Denys Vlasenko
470bebe672 udhcpc6: add comments about option 39, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-06-27 18:31:08 +02:00