Busybox 1.3.0 is available

Allan Clark allanc at chickenandporn.com
Sun Dec 17 18:05:11 PST 2006


On 12/17/06, Denis Vlasenko <vda.linux at googlemail.com> wrote:
> On Saturday 16 December 2006 20:58, Aurelien Jacobs wrote:
> > On Fri, 15 Dec 2006 23:36:44 +0100
> > Denis Vlasenko <vda.linux at googlemail.com> wrote:
> >
> > > On Friday 15 December 2006 00:42, Aurelien Jacobs wrote:
> > > > 5. Compiling without any pwd_grp enabled in the system (neither in
> > > > uClibc nor in busybox). My system doesn't even have a /etc/passwd. It
> > > > doesn't have any kind of user management. And I don't want any user
> > > > management code to get compiled in. Note that I didn't fix this one
> > > > properly. I just wrote a crappy hack to get busybox to finally compile.
> > > > So 11_pwd_grp.diff shouldn't be committed. It's here just for the
> > > > example. Someone needs to propose a proper fix.
> > >
> > > I propose putting #if around uidgid_get() declaration in .h file:
> > > ...
> > > This way gcc will optimize out code like "if ([!]uidgid_get(...)) ..."
> > >
> > > Give it a try if you feel so inclined.
> >
> > It would probably work.
> >
> > But the problem is not here.
> > In fact uidgid_get() does not depend on ENABLE_USE_BB_PWD_GRP. It also
> > works if the libc has an implementation of getpwnam(). The problem here
> > is that neither uClibc nor busybox has getpwnam() enabled. And there
> > is no config option to specify if the system has getpwnam() or not,
> > so it's not possible to know if uidgid_get() can be built.
>
> Thanks for the explanation.
>
> So you are building bbox for a system which has only UID 0 processes,
> no /etc/{passwd,shadow,group},
> and you want to remove all UID/user/group related code from bbox, right?
>
> Then you will probably need to add a separate CONFIG_NOT_UID0_ONLY_SYSTEM
> for it and #ifdef out relevant parts of code. Actually, there are not
> that many places to attack, part of the following applets:
>         httpd, chpst, crontab, renice, start_stop_daemon,
>         archivers (just blindly set uid/gid to 0)
> And these applets should be completely disabled:
>         passwd, {add,del}{user,group}
> Maybe also chown, but what if you have a USB stick and want to
> chown files to UID0?
>
> CONFIG_NOT_UID0_ONLY_SYSTEM is descriptive but too long. Can't think of
> a shorter, but still understandable name at the moment.

CONFIG_UID0_ONLY_SYSTEM
(defaults to 'n')
(remove 4 chars :) )

Does that get a bit twisty in the Kconfig logic?

Allan
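
An added sketch of the compile-time switch discussed in this thread; it is not part of the original messages and is not BusyBox code. Every identifier except CONFIG_UID0_ONLY_SYSTEM is hypothetical, and the rule that the stub resolves only "root" or "0" is an assumption made so that a request to run as another user fails instead of silently staying at UID 0.

```c
/* Added illustration. Every identifier here is hypothetical; none is BusyBox's API. */
#include <string.h>
#include <sys/types.h>

#ifndef CONFIG_UID0_ONLY_SYSTEM
#define CONFIG_UID0_ONLY_SYSTEM 1   /* demo default; the thread proposes 'n' */
#endif

struct ids { uid_t uid; gid_t gid; };

#if CONFIG_UID0_ONLY_SYSTEM
/* Stub: no getpwnam() reference, so the object links without any passwd
 * code. Only names that mean UID 0 resolve; anything else fails. */
static inline int lookup_ids(struct ids *out, const char *user)
{
	out->uid = 0;
	out->gid = 0;
	return strcmp(user, "root") == 0 || strcmp(user, "0") == 0;
}
#else
#include <pwd.h>
/* Full build: resolve through the libc (or bundled) passwd database. */
static inline int lookup_ids(struct ids *out, const char *user)
{
	struct passwd *pw = getpwnam(user);
	if (!pw)
		return 0;
	out->uid = pw->pw_uid;
	out->gid = pw->pw_gid;
	return 1;
}
#endif

/* Archive extraction: ownership recorded in the archive is ignored on a
 * UID0-only system and every file is owned by 0:0. */
static inline struct ids extract_owner(const char *name_in_archive)
{
	struct ids id = { 0, 0 };
	if (!CONFIG_UID0_ONLY_SYSTEM)
		lookup_ids(&id, name_in_archive);
	return id;
}

/* Privilege drop requested by the operator (e.g. a "run as" option):
 * return 0 and fill *out on success, -1 if the user cannot be resolved,
 * so a request for an unprivileged user never silently runs as UID 0. */
static inline int resolve_run_as(struct ids *out, const char *user)
{
	return lookup_ids(out, user) ? 0 : -1;
}
```

Building with -DCONFIG_UID0_ONLY_SYSTEM=0 selects the getpwnam() path instead; the callers are unchanged in either build.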

