authoremmett1 <emmett1.2miligrams@protonmail.com>2025-03-14 01:24:06 +0800
committeremmett1 <emmett1.2miligrams@protonmail.com>2025-03-14 01:24:06 +0800
commita627530fe6baf10151d3b48ca418b153d7987178 (patch)
tree55bf4e1e87ccb58ea6ba4001b8e97d91c4812aee
parenta7957b7d0d51aedf984a639df582073a4adc403b (diff)
downloadalicelinux-a627530fe6baf10151d3b48ca418b153d7987178.tar.gz
alicelinux-a627530fe6baf10151d3b48ca418b153d7987178.zip
busybox: added busybox-suidwrapper
-rw-r--r--repos/core/busybox/.checksum1
-rw-r--r--repos/core/busybox/.files26
-rw-r--r--repos/core/busybox/abuild29
-rw-r--r--repos/core/busybox/busybox-suidwrapper.c57
4 files changed, 80 insertions, 33 deletions
diff --git a/repos/core/busybox/.checksum b/repos/core/busybox/.checksum
index a2f8b01a..49b7475e 100644
--- a/repos/core/busybox/.checksum
+++ b/repos/core/busybox/.checksum
@@ -3,6 +3,7 @@ dd9a578c6d1ba59f9d030befe3441ccfbbc9ce38825d496d690f2991a905dcad 0007-nologin-I
d7fef12ae5c778a12294be5da8ff8ffcc4a3ff3e0a5dca5885964626a47c2a0f acpid.run
f62969ee1426bea40ffd603cb01aa4f6e264930ce29a0266b776f5d08253772a adduser-no-setgid.patch
dfdfc1b9aa41d5134e087d904c0a5f6958825f0e94db1d2cb5ea93088247c886 busybox-1.36.1.tar.bz2
+c8e25401863bfdecb4f3a5d4b68ef0507bac74dd69782ce3abdd7e49fecc4a80 busybox-suidwrapper.c
2449dfd4fa9c7ccf62393fdb4163ad824e0a6736d2d7d8f32b31612dccdb9ab1 config
48b8a6cc6f4aa539de48f5c4d405a4400239215fe3dc7f30df370951e51743ca crond.run
2fc84cd00bba1a27bb692fb61f7b06307bd2a618161c1f019efd5a8432b0f3c5 fsck-resolve-uuid.patch
diff --git a/repos/core/busybox/.files b/repos/core/busybox/.files
index a855702c..c924714d 100644
--- a/repos/core/busybox/.files
+++ b/repos/core/busybox/.files
@@ -4,7 +4,7 @@ lrwxrwxrwx root/root bin/ash -> busybox
lrwxrwxrwx root/root bin/base32 -> busybox
lrwxrwxrwx root/root bin/base64 -> busybox
-rwxr-xr-x root/root bin/busybox
--rwsr-xr-x root/root bin/busybox-suid
+-rwsr-xr-x root/root bin/busybox-suidwrapper
lrwxrwxrwx root/root bin/cat -> busybox
lrwxrwxrwx root/root bin/chgrp -> busybox
lrwxrwxrwx root/root bin/chmod -> busybox
@@ -42,7 +42,7 @@ lrwxrwxrwx root/root bin/link -> busybox
lrwxrwxrwx root/root bin/linux32 -> busybox
lrwxrwxrwx root/root bin/linux64 -> busybox
lrwxrwxrwx root/root bin/ln -> busybox
-lrwxrwxrwx root/root bin/login -> busybox
+lrwxrwxrwx root/root bin/login -> busybox-suidwrapper
lrwxrwxrwx root/root bin/ls -> busybox
lrwxrwxrwx root/root bin/lzop -> busybox
lrwxrwxrwx root/root bin/makemime -> busybox
@@ -50,7 +50,7 @@ lrwxrwxrwx root/root bin/mkdir -> busybox
lrwxrwxrwx root/root bin/mknod -> busybox
lrwxrwxrwx root/root bin/mktemp -> busybox
lrwxrwxrwx root/root bin/more -> busybox
-lrwxrwxrwx root/root bin/mount -> busybox-suid
+lrwxrwxrwx root/root bin/mount -> busybox
lrwxrwxrwx root/root bin/mountpoint -> busybox
lrwxrwxrwx root/root bin/mpstat -> busybox
lrwxrwxrwx root/root bin/mt -> busybox
@@ -58,8 +58,8 @@ lrwxrwxrwx root/root bin/mv -> busybox
lrwxrwxrwx root/root bin/netstat -> busybox
lrwxrwxrwx root/root bin/nice -> busybox
lrwxrwxrwx root/root bin/pidof -> busybox
-lrwxrwxrwx root/root bin/ping -> busybox-suid
-lrwxrwxrwx root/root bin/ping6 -> busybox
+lrwxrwxrwx root/root bin/ping -> busybox-suidwrapper
+lrwxrwxrwx root/root bin/ping6 -> busybox-suidwrapper
lrwxrwxrwx root/root bin/pipe_progress -> busybox
lrwxrwxrwx root/root bin/printenv -> busybox
lrwxrwxrwx root/root bin/ps -> busybox
@@ -77,12 +77,12 @@ lrwxrwxrwx root/root bin/sh -> busybox
lrwxrwxrwx root/root bin/sleep -> busybox
lrwxrwxrwx root/root bin/stat -> busybox
lrwxrwxrwx root/root bin/stty -> busybox
-lrwxrwxrwx root/root bin/su -> busybox-suid
+lrwxrwxrwx root/root bin/su -> busybox-suidwrapper
lrwxrwxrwx root/root bin/sync -> busybox
lrwxrwxrwx root/root bin/tar -> busybox
lrwxrwxrwx root/root bin/touch -> busybox
lrwxrwxrwx root/root bin/true -> busybox
-lrwxrwxrwx root/root bin/umount -> busybox-suid
+lrwxrwxrwx root/root bin/umount -> busybox
lrwxrwxrwx root/root bin/uname -> busybox
lrwxrwxrwx root/root bin/usleep -> busybox
lrwxrwxrwx root/root bin/vi -> busybox
@@ -201,7 +201,7 @@ lrwxrwxrwx root/root usr/bin/cksum -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/cmp -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/comm -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/crc32 -> ../../bin/busybox
-lrwxrwxrwx root/root usr/bin/crontab -> ../../bin/busybox-suid
+lrwxrwxrwx root/root usr/bin/crontab -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/cryptpw -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/cut -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/dc -> ../../bin/busybox
@@ -259,7 +259,7 @@ lrwxrwxrwx root/root usr/bin/nsenter -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/nslookup -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/od -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/openvt -> ../../bin/busybox
-lrwxrwxrwx root/root usr/bin/passwd -> ../../bin/busybox-suid
+lrwxrwxrwx root/root usr/bin/passwd -> ../../bin/busybox-suidwrapper
lrwxrwxrwx root/root usr/bin/paste -> ../../bin/busybox
-rwxr-xr-x root/root usr/bin/pause
lrwxrwxrwx root/root usr/bin/pgrep -> ../../bin/busybox
@@ -308,8 +308,8 @@ lrwxrwxrwx root/root usr/bin/time -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/timeout -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/top -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/tr -> ../../bin/busybox
-lrwxrwxrwx root/root usr/bin/traceroute -> ../../bin/busybox-suid
-lrwxrwxrwx root/root usr/bin/traceroute6 -> ../../bin/busybox-suid
+lrwxrwxrwx root/root usr/bin/traceroute -> ../../bin/busybox-suidwrapper
+lrwxrwxrwx root/root usr/bin/traceroute6 -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/tree -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/truncate -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/ts -> ../../bin/busybox
@@ -328,10 +328,10 @@ lrwxrwxrwx root/root usr/bin/uptime -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/users -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/uudecode -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/uuencode -> ../../bin/busybox
-lrwxrwxrwx root/root usr/bin/vlock -> ../../bin/busybox-suid
+lrwxrwxrwx root/root usr/bin/vlock -> ../../bin/busybox-suidwrapper
lrwxrwxrwx root/root usr/bin/volname -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/w -> ../../bin/busybox
-lrwxrwxrwx root/root usr/bin/wall -> ../../bin/busybox
+lrwxrwxrwx root/root usr/bin/wall -> ../../bin/busybox-suidwrapper
lrwxrwxrwx root/root usr/bin/wc -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/wget -> ../../bin/busybox
lrwxrwxrwx root/root usr/bin/which -> ../../bin/busybox
diff --git a/repos/core/busybox/abuild b/repos/core/busybox/abuild
index 53035738..4c777454 100644
--- a/repos/core/busybox/abuild
+++ b/repos/core/busybox/abuild
@@ -1,7 +1,8 @@
name=busybox
version=1.36.1
-release=3
+release=4
source="https://${name}.net/downloads/${name}-${version}.tar.bz2
+ busybox-suidwrapper.c
config
mdev.conf
fsck-resolve-uuid.patch
@@ -63,25 +64,13 @@ build() {
rm $PKG/*/$i || true
rm $PKG/*/*/$i || true
done
-
- cp $PKG/bin/busybox $PKG/bin/busybox-suid
- chmod u+s $PKG/bin/busybox-suid
-
- for a in bin/mount \
- bin/umount \
- bin/su \
- bin/ping ; do
- rm $PKG/$a
- ln -sv busybox-suid $PKG/$a
- done
-
- for a in usr/bin/crontab \
- usr/bin/passwd \
- usr/bin/traceroute \
- usr/bin/traceroute6 \
- usr/bin/vlock; do
- rm $PKG/$a
- ln -sv ../../bin/busybox-suid $PKG/$a
+
+ ${CC:-cc} -o $PKG/bin/busybox-suidwrapper $SRC/busybox-suidwrapper.c
+ chmod u+s $PKG/bin/busybox-suidwrapper
+
+ for i in $($PKG/bin/busybox-suidwrapper -l); do
+ [ -e /bin/$i ] && ln -svf busybox-suidwrapper $PKG/bin/$i
+ [ -e /usr/bin/$i ] && ln -svf ../../bin/busybox-suidwrapper $PKG/usr/bin/$i
done
mkdir -p $PKG/etc
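Review bot: The new link loop tests `/bin/$i` and `/usr/bin/$i` on the build host rather than inside the package tree, so which applets end up pointing at the setuid wrapper depends on what is installed on the builder. Test the staged paths instead: `[ -e $PKG/bin/$i ] && ln -svf busybox-suidwrapper $PKG/bin/$i` and `[ -e $PKG/usr/bin/$i ] && ln -svf ../../bin/busybox-suidwrapper $PKG/usr/bin/$i`. The loop also runs the freshly compiled wrapper (`$PKG/bin/busybox-suidwrapper -l`), which will not work when the target differs from the build host, and the compile line passes no `$CFLAGS`/`$LDFLAGS`, so any hardening flags the build environment sets are not applied to the one setuid binary in the package. The removed loops also covered `mount`, `umount`, `crontab` and `traceroute6`, which now lose setuid; if that is deliberate, a comment here saying so would help. `build()` starts and continues outside this hunk.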
diff --git a/repos/core/busybox/busybox-suidwrapper.c b/repos/core/busybox/busybox-suidwrapper.c
new file mode 100644
index 00000000..e1f91069
--- /dev/null
+++ b/repos/core/busybox/busybox-suidwrapper.c
@@ -0,0 +1,57 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libgen.h>
+
+int main(int argc, char **argv)
+{
+ const char * cmds[] = {
+ "su",
+ "ping",
+ "ping6",
+ "traceroute",
+ "passwd",
+ "login",
+ "vlock",
+ "wall"
+ };
+
+ const char * baseexec = basename(argv[0]);
+
+ if (!strcmp("busybox-suidwrapper", baseexec))
+ {
+ if (argc > 1 && !strcmp("-l", argv[1])){
+ for (int i = 0; i < sizeof(cmds) / sizeof(cmds[0]); ++i)
+ {
+ printf("%s ", cmds[i]);
+ }
+ printf("\n");
+ } else {
+ printf("busybox SUID wrapper\n\nSupported commands:\n");
+ printf("Usage:\n -l\tList available SUID commands\n");
+ if (argc > 1) return 1;
+ }
+ return 0;
+ }
+
+ for (int i = 0; i < sizeof(cmds) / sizeof(cmds[0]); ++i)
+ {
+ if (!strcmp(cmds[i], baseexec))
+ {
+ char **newargv = malloc(sizeof(char *) * (argc + 2));
+ newargv[0] = "/bin/busybox";
+ newargv[1] = (char *)baseexec;
+ for (int i = 1; i < argc; i++)
+ newargv[i + 1] = argv[i];
+ newargv[argc + 1] = NULL;
+
+ int ret = execv("/bin/busybox", newargv);
+ free(newargv);
+ perror(argv[0]);
+ return ret;
+ }
+ }
+ fprintf(stderr, "%s","error: command not in suid whitelist!\n");
+ return 1;
+}
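Review bot: The `malloc` result in the exec path is written through without a NULL check, and a setuid-root binary should fail closed there; add `if (!newargv) { perror(argv[0]); return 1; }` before `newargv[0] = "/bin/busybox";`. In the failure path after `execv`, `free(newargv);` runs before `perror(argv[0]);` and may disturb `errno` on some libcs, so swap those two lines. The `cmds` list has `ping6` but not `traceroute6`, and the `.files` change in this commit accordingly points `traceroute6` at plain `busybox`; if that is not intended, add `"traceroute6"` to the list. A short header comment would also help, stating that the wrapper keeps effective uid 0, passes the caller's arguments and environment through unchanged, and relies on `/bin/busybox` for everything after the name check; whether the shipped `config` makes busybox do any per-applet privilege handling is not visible from this page.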