I believe I have found a bug in the current version of busybox. When: * an applet is marked NOEXEC, * busybox is configured with CONFIG_FEATURE_SH_STANDALONE=y, and * busybox's ash is asked to do "ENV_VAR=newval no_exec_app" Then the no_exec app is not called with the new environment.
This affects git master d5c1482fbac71c51e3add52632cdf1f9f9e6661b and 1:1.21.0-1ubuntu1 To reproduce from git (on linux): git pull make defconfig sed -i 's/# CONFIG_FEATURE_SH_STANDALONE is not set/CONFIG_FEATURE_SH_STANDALONE=y/' .config make ./busybox ash -c 'BUG=1 head /proc/self/environ | grep -q BUG && echo ok || echo bug' ./busybox ash -c 'BUG=1 ./busybox head /proc/self/environ | grep -q BUG && echo ok || echo bug' The first echoes "bug" because the environment is not set. The second bypasses the NOEXEC and reports "ok" because the environment is set. If CONFIG_FEATURE_SH_STANDALONE is not set, then both echo "ok". The bug is also in the ubuntu version of busybox (so its not a recent change). $ docker run --rm busybox:1-ubuntu sh -c \ 'BUG=1 head /proc/self/environ | grep -q BUG && echo ok || echo bug' bug $ docker run --rm busybox:1-ubuntu sh -c \ 'BUG=1 /bin/head /proc/self/environ | grep -q BUG && echo ok || echo bug' ok Alpine linux uses a similar command to check if /proc is really mounted, or is just a semi-convincing fake. With CONFIG_FEATURE_SH_STANDALONE, real /proc registers as a fake. _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
