Busybox 1.3.0 is available

Denis Vlasenko vda.linux at googlemail.com
Sun Dec 17 12:00:20 UTC 2006


On Saturday 16 December 2006 20:58, Aurelien Jacobs wrote:
> On Fri, 15 Dec 2006 23:36:44 +0100
> Denis Vlasenko <vda.linux at googlemail.com> wrote:
> 
> > On Friday 15 December 2006 00:42, Aurelien Jacobs wrote:
> > > 5. Compiling without any pwd_grp enabled in the system (neither in
> > > uClibc nor in busybox). My system doesn't even have a /etc/passwd. It
> > > doesn't have any kind of user management. And I don't want any user
> > > management code to get compiled in. Note that I didn't fix this one
> > > properly. I just wrote a crappy hack to get busybox to finally compile.
> > > So 11_pwd_grp.diff shouldn't be committed. It's here just for the
> > > example. Someone needs to propose a proper fix.
> > 
> > I propose putting #if around uidgid_get() declaration in .h file:
> > ...
> > This way gcc will optimize out code like "if ([!]uidgid_get(...)) ..."
> > 
> > Give it a try if you feel so inclined.
> 
> It would probably work.
> 
> But the problem is not here.
> In fact uidgid_get() does not depend on ENABLE_USE_BB_PWD_GRP. It also
> works if the libc has an implementation of getpwnam(). The problem here
> is that neither uClibc nor busybox has getpwnam() enabled. And there
> is no config option to specify if the system has getpwnam() or not,
> so it's not possible to know if uidgid_get() can be built.

Thanks for the explanation.

So you are building bbox for a system which has only UID 0 processes,
no /etc/{passwd,shadow,group},
and you want to remove all UID/user/group related code from bbox, right?

Then you will probably need to add a separate CONFIG_NOT_UID0_ONLY_SYSTEM
for it and #ifdef out relevant parts of code. Actually, there are not
that many places to attack, part of the following applets:
	httpd, chpst, crontab, renice, start_stop_daemon,
	archivers (just blindly set uid/gid to 0)
And these applets should be completely disabled:
	passwd, {add,del}{user,group}
Maybe also chown, but what if you have a USB stick and want to
chown files to UID0?

CONFIG_NOT_UID0_ONLY_SYSTEM is descriptive but too long. Can't think of
a shorter, but still understandable name at the moment.
--
vda
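
Added example, not part of the original mail and not BusyBox code: a sketch of the compile-time switch proposed above, where the name lookup is replaced by a stub that always yields UID/GID 0, so no getpwnam() reference is compiled in. owner_lookup(), struct owner and archive_owner() are hypothetical names; only CONFIG_NOT_UID0_ONLY_SYSTEM comes from the mail.

```c
#include <stdio.h>
#include <sys/types.h>

/* Switch named in the mail; 0 selects the UID0-only build (assumed default here). */
#ifndef CONFIG_NOT_UID0_ONLY_SYSTEM
#define CONFIG_NOT_UID0_ONLY_SYSTEM 0
#endif

struct owner { uid_t uid; gid_t gid; };   /* hypothetical type */

#if CONFIG_NOT_UID0_ONLY_SYSTEM
#include <pwd.h>
/* Multi-user build: resolve the name through the passwd database. */
static int owner_lookup(struct owner *o, const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (!pw)
        return 0;
    o->uid = pw->pw_uid;
    o->gid = pw->pw_gid;
    return 1;
}
#else
/* UID0-only build: this branch never references getpwnam(), so nothing
 * from libc's passwd code is needed. The constant return value lets the
 * compiler drop the callers' failure branches. */
static inline int owner_lookup(struct owner *o, const char *user)
{
    (void)user;
    o->uid = 0;
    o->gid = 0;
    return 1;
}
#endif

/* Caller shaped like an archiver restoring ownership from a header field. */
int archive_owner(const char *name_in_header, uid_t *uid, gid_t *gid)
{
    struct owner o;
    if (!owner_lookup(&o, name_in_header))
        return -1;              /* dead code when the stub is selected */
    *uid = o.uid;
    *gid = o.gid;
    return 0;
}

int main(void)
{
    uid_t u = 1234; gid_t g = 1234;   /* constructed sample values */
    int rc = archive_owner("constructed-user", &u, &g);
    printf("rc=%d uid=%u gid=%u\n", rc, (unsigned)u, (unsigned)g);
    return 0;
}
```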


