BusyBox has support for embedded shell scripts. Two types can be
distinguished: custom scripts and scripts implementing applets.
Custom scripts should be placed in the 'embed' directory at build
time. They are given a default applet configuration and appear
as applets to the user but no further configuration is possible.
Applet scripts are integrated with the BusyBox build system and
are intended to be used to ship standard applets that just happen
to be implemented as scripts. They can be configured at build time
and appear just like native applets.
Such scripts should be placed in the 'applets_sh' directory. A stub
C program should be written to provide the usual applet configuration
details and placed in a suitable subsystem directory. It may be
helpful to have a configuration option to enable any dependencies the
script requires: see the 'nologin' applet for an example.
function old new delta
scripted_main - 41 +41
applet_names 2773 2781 +8
applet_main 1600 1604 +4
i2cdetect_main 672 674 +2
applet_suid 100 101 +1
applet_install_loc 200 201 +1
applet_flags 100 101 +1
packed_usage 33180 33179 -1
tryexec 159 152 -7
evalcommand 1661 1653 -8
script_names 9 - -9
packed_scripts 123 114 -9
complete_cmd_dir_file 826 811 -15
shellexec 271 254 -17
find_command 1007 990 -17
busybox_main 642 624 -18
run_applet_and_exit 100 78 -22
find_script_by_name 51 - -51
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 6/9 up/down: 58/-174) Total: -116 bytes
text data bss dec hex filename
950034 477 7296 957807 e9d6f busybox_old
949918 477 7296 957691 e9cfb busybox_unstripped
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Similar code to unpack embedded data is used to decompress usage
messages, embedded scripts and the config file (in the non-default
bbconfig applet).
Moving this code to a common function reduces the size of the default
build and hides more of the internals of libarchive.
function old new delta
unpack_bz2_data - 135 +135
bb_show_usage 137 157 +20
get_script_content 32 47 +15
unpack_scripts 119 - -119
unpack_usage_messages 124 - -124
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 2/0 up/down: 170/-243) Total: -73 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
To assist in the deployment of shell scripts it may be convenient
to embed them in the BusyBox binary.
'Embed scripts in the binary' takes any files in the directory
'embed', concatenates them with null separators, compresses them
and embeds them in the binary.
When scripts are embedded in the binary, scripts can be run as
'busybox SCRIPT [ARGS]' or by usual (sym)link mechanism.
embed/nologin is provided as an example.
function old new delta
packed_scripts - 123 +123
unpack_scripts - 87 +87
ash_main 1103 1171 +68
run_applet_and_exit 78 128 +50
get_script_content - 32 +32
script_names - 10 +10
expmeta 663 659 -4
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 2/1 up/down: 370/-4) Total: 366 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:
This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.
'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:
    $ unshare --user ./busybox.broken ash
    ash: setgid: Invalid argument
'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.
With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:
    $ id -u
    1000
    $ ls -lh busybox.fixed
    -rwsr-xr-x 1 root root 826.2K May 21 00:33 busybox.fixed
    $ unshare --user ./busybox.fixed ash
    $ id -u
    65534
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Many other applets don't - they unconditionally use get_terminal_width(),
and here the amount of code saved by FEATURE_AUTOWIDTH=n is tiny.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
libbb/appletlib.c:558:12: warning: 'ingroup' defined but
not used [-Wunused-function]
static int ingroup(uid_t u, gid_t g)
^~~~~~~
That function is used only if FEATURE_SUID_CONFIG is also enabled.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Allocation addresses of malloc() are jittery,
thought I had a mem leak in hush, but it was malloc variability.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
    sha256sum /dev/null
    echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
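The double "echo END" described in the commit message above, reproduced as a standalone C program. This is an added example, not code from BusyBox or from the commit; the function name echo_end_seen, the temporary file path and the embedded script are constructed for the demo, and the result assumes a libc whose exit() seeks unread input streams back (glibc and musl do).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample script, same two commands as in the commit message. */
static const char SCRIPT[] = "sha256sum /dev/null\necho END\n";

/* Parent reads the first line via stdio, forks a child that terminates with
 * _exit() (raw_exit != 0) or exit() (raw_exit == 0), then reads the rest.
 * Returns how many times the parent sees "echo END", or -1 on setup error. */
int echo_end_seen(int raw_exit)
{
    char path[] = "/tmp/exit_demo_XXXXXX";   /* hypothetical temp location */
    char line[64];
    int seen = 0;
    size_t len = sizeof(SCRIPT) - 1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                      /* file lives on through the open fd */
    if (write(fd, SCRIPT, len) != (ssize_t)len || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    FILE *fp = fdopen(fd, "r");
    if (!fp) { close(fd); return -1; }
    /* One fgets() pulls the whole 29-byte file into the stdio buffer. */
    if (!fgets(line, sizeof(line), fp)) { fclose(fp); return -1; }
    fflush(stdout);                    /* nothing pending for the child to re-flush */
    pid_t pid = fork();
    if (pid < 0) { fclose(fp); return -1; }
    if (pid == 0) {
        if (raw_exit)
            _exit(0);  /* no stdio cleanup: shared fd offset stays at EOF */
        exit(0);       /* stdio cleanup seeks the shared fd back by 9 bytes */
    }
    waitpid(pid, NULL, 0);
    while (fgets(line, sizeof(line), fp))    /* buffer first, then the fd */
        if (strcmp(line, "echo END\n") == 0)
            seen++;
    fclose(fp);
    return seen;
}

int main(void)
{
    printf("child exit():  echo END seen %d time(s)\n", echo_end_seen(0));
    printf("child _exit(): echo END seen %d time(s)\n", echo_end_seen(1));
    return 0;
}
```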
When busybox is configured to contain a single applet an unnecessary
declaration of run_applet_and_exit results in a warning. Move the
declaration to avoid this.
Reported-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Both calls to run_applet_and_exit are followed by the same code
to print an error message and return status 127. Remove this
duplication and make run_applet_and_exit static.
function old new delta
run_applet_and_exit 675 667 -8
main 119 92 -27
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-35) Total: -35 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A recent commit made it possible to disable BusyBox's --install
and --list options. However it also stopped "busybox <applet>
<params>" from working.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If it's disabled, code shrinks by about 900 bytes:
function old new delta
usr_bin 10 - -10
usr_sbin 11 - -11
install_dir 20 - -20
applet_install_loc 184 - -184
run_applet_and_exit 686 21 -665
------------------------------------------------------------------------------
(add/remove: 0/4 grow/shrink: 0/1 up/down: 0/-890) Total: -890 bytes
text data bss dec hex filename
911327 493 7336 919156 e0674 busybox_old
909848 493 7336 917677 e00ad busybox_unstripped
but busybox executable by itself does not say anything useful:
$ busybox
busybox: applet not found
Based on the patch by Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The loop
    for (j = ARRAY_SIZE(applet_nameofs)-1; j >= 0; j--) {
was intended to terminate when j goes negative, so j needs to be signed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The array applet_nameofs consumes two bytes per applet. It encodes:
    nofork/noexec flags
    suid flags
    the offset of the applet name in the applet_name string
Change the applet_table build tool to store the flags in two separate
arrays (applet_flags and applet_suid). Replace applet_nameofs[] with a
smaller version that only stores a limited number of offsets.
This requires changes to the macros APPLET_IS_NOFORK, APPLET_IS_NOEXEC
and APPLET_SUID.
According to Valgrind the original find_applet_by_name required
353 cycles per call, averaged over all names. Adjusting the number
of known offsets allows space to be traded off against execution time:
    KNOWN_OFFSETS   cycles   bytes (wrt KNOWN_OFFSETS = 0)
          0          9057      -
          2          4604     32
          4          2407     75
          8          1342     98
         16           908    130
         32           884    194
This patch uses KNOWN_OFFSETS = 8.
v2:
Remove some dead code from the applet_table tool;
Treat the applet in the middle of the table as a special case.
v3:
Use the middle applet to adjust the start of the linear search as
well as the last applet found.
v4:
Use an augmented linear search in find_applet_by_name.
Drop the special treatment of the middle name from get_applet_name:
most of the advantage now derives from the last stored value.
v5:
Don't store index in applet_nameofs, it can be calculated.
v6:
Tweaks by Denys
function old new delta
find_applet_by_name 25 125 +100
applet_suid - 92 +92
run_applet_no_and_exit 452 460 +8
run_applet_and_exit 695 697 +2
applet_name_compare 31 - -31
applet_nameofs 734 14 -720
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 3/1 up/down: 202/-751) Total: -549 bytes
text data bss dec hex filename
925464 906 17160 943530 e65aa busybox_old
924915 906 17160 942981 e6385 busybox_unstripped
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This also removes their help texts.
function old new delta
run_applet_no_and_exit 442 452 +10
packed_usage 30713 30625 -88
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Copyright years seem to be out of date, e.g. coreutils/truncate.c
has Copyright (C) 2015.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
It is not clear why we were excluding init from this.
The "getpid() != 1" clause was there from the beginning (2001)
but not explained.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When you build with FEATURE_INSTALLER disabled, you get a build
warning like so:
libbb/appletlib.c: In function 'busybox_main':
libbb/appletlib.c:691:7: warning: variable 'use_symbolic_links' set but
not used [-Wunused-but-set-variable]
int use_symbolic_links;
^
Signed-off-by: Mike Frysinger <vapier@gentoo.org>