Quick reminder: This series aims to implement the following features in the simplest way possible:

1. Introduce a simple way to control exec calls by all applets.
2. Create a unified interface from which applets can execute other applets using the no-exec feature (reducing duplicate code).
3. Allow blocking exec calls altogether using the exec proxy functions.
4. Adapt all applets to run with these modifications.

These features, when enabled, make busybox entirely self-contained, meaning it can be linked into other projects and used as an embedded POSIX(ish) shell.

The previous version of this series received criticism due to a commit I introduced that had undesired security implications. I hope my reply here is sufficient as a summary of the discussion: https://lists.busybox.net/pipermail/busybox/2025-June/091576.html

This commit has now been dropped in favor of a new commit that approaches the problem at hand from a different angle. See 'support shell aliases for ash and hush'.

Differences from previous version:

1. Fixed some whitespace issues
2. Dropped 'Use "sh" as shell name when FEATURE_PREFER_APPLETS is enabled' due to legitimate concern over its security implications.
3. Added 'support shell aliases for ash and hush' to implement the desired functionality lost in the dropped commit.
4. Fixed bug in 'allow forcing all applets to behave as NOEXEC applets'.

Previous version is here: https://lists.busybox.net/pipermail/busybox/2025-June/091505.html

Nadav Tasher (17):
  libbb: mask xvfork to xfork on MMU targets
  libbb: implement clone_string_array
  libbb: implement close_cloexec_fds
  libbb: implement reset_all_signals
  libbb: implement bb_execXX function family to handle applet executions
  libbb: make spawn and spawn_and_wait use bb_execvp
  libbb: implement bb_system using spawn_and_wait
  applets: change system() calls to bb_system()
  libbb: make bb_system use get_shell_name to find shell
  ash: use bb_execve to execute commands and applets in tryexec
  hush: use bb_execvp to execute commands and applets in execvp_or_die
  tar: replace execlp call with bb_execvp, disable xz compression support when FEATURE_PREFER_APPLETS is enabled
  applets: use bb_execXX functions instead of direct exec calls
  httpd: replace execv call with bb_execv and disable FEATURE_HTTPD_CGI when FEATURE_PREFER_APPLETS is enabled
  libbb: allow forcing all applets to behave as NOEXEC applets
  libbb: implement re_exec using bb_execv
  shell: support shell aliases for ash and hush

 Config.in                                     |  33 +++++
 Makefile                                      |   7 +-
 archival/dpkg.c                               |   2 +-
 archival/libarchive/data_extract_to_command.c |  14 ++-
 archival/libarchive/open_transformer.c        |   3 +-
 archival/tar.c                                |  28 ++++-
 console-tools/openvt.c                        |   2 +-
 console-tools/reset.c                         |   2 +-
 coreutils/chroot.c                            |   2 +-
 coreutils/env.c                               |   2 +-
 coreutils/nice.c                              |   2 +-
 coreutils/nohup.c                             |   2 +-
 coreutils/timeout.c                           |   2 +-
 debianutils/start_stop_daemon.c               |   2 +-
 docs/nofork_noexec.txt                        |  17 ++-
 editors/awk.c                                 |   2 +-
 editors/vi.c                                  |   2 +-
 include/.gitignore                            |   2 +
 include/busybox.h                             |   6 +-
 include/libbb.h                               |  55 +++++---
 init/bootchartd.c                             |  21 +++-
 init/halt.c                                   |   9 +-
 init/init.c                                   |   4 +-
 libbb/Kbuild.src                              |   1 +
 libbb/clone_string_array.c                    |  29 +++++
 libbb/executable.c                            | 117 ++++++++++++++++--
 libbb/run_shell.c                             |   4 +-
 libbb/signals.c                               |  26 ++++
 libbb/vfork_daemon_rexec.c                    |  74 ++++++++---
 libbb/xfuncs.c                                |  10 ++
 loginutils/adduser.c                          |   7 +-
 loginutils/getty.c                            |  19 ++-
 mailutils/mail.c                              |   2 +-
 mailutils/reformime.c                         |   2 +-
 miscutils/conspy.c                            |  11 +-
 miscutils/crond.c                             |  38 +++++-
 miscutils/crontab.c                           |  13 +-
 miscutils/man.c                               |   2 +-
 miscutils/time.c                              |   2 +-
 networking/ftpd.c                             |   3 +-
 networking/httpd.c                            |  14 ++-
 networking/ifupdown.c                         |  17 ++-
 networking/inetd.c                            |   6 +-
 networking/nc.c                               |   3 +-
 networking/nc_bloaty.c                        |   2 +-
 networking/slattach.c                         |   2 +-
 networking/tcpudp.c                           |   2 +-
 networking/telnetd.c                          |   2 +-
 networking/wget.c                             |   5 +-
 printutils/lpd.c                              |   2 +-
 procps/watch.c                                |   2 +-
 runit/chpst.c                                 |   2 +-
 runit/runsv.c                                 |   9 +-
 runit/runsvdir.c                              |  13 +-
 runit/svlogd.c                                |  15 ++-
 scripts/shell_aliases                         |  11 ++
 selinux/runcon.c                              |   2 +-
 shell/ash.c                                   |  84 ++++++-------
 shell/cttyhack.c                              |   2 +-
 shell/hush.c                                  |  88 +++---------
 util-linux/chrt.c                             |   2 +-
 util-linux/ionice.c                           |   2 +-
 util-linux/mdev.c                             |   2 +-
 util-linux/script.c                           |  18 ++-
 util-linux/setarch.c                          |   2 +-
 util-linux/setpriv.c                          |   2 +-
 util-linux/setsid.c                           |   2 +-
 util-linux/switch_root.c                      |   2 +-
 util-linux/taskset.c                          |   2 +-
 69 files changed, 633 insertions(+), 265 deletions(-)
 create mode 100644 libbb/clone_string_array.c
 create mode 100755 scripts/shell_aliases
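The exec-proxy idea behind points 1 to 3 of the reminder, as an added sketch that is not busybox's code and not the bb_execXX family from this series: a small applet table is consulted first, a matching applet runs in a forked child with no exec (the NOEXEC style), and anything else is either handed to execvp or, when the hypothetical block_external_exec policy switch is set, refused with EPERM. The applet table, the function names and the policy switch are all assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical applet table (not busybox's): each applet is an in-process main(). */
typedef int (*applet_main_t)(int argc, char **argv);
static int echo_main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s%s", argv[i], i + 1 < argc ? " " : "\n");
    return 0;
}
static int true_main(int argc, char **argv) { (void)argc; (void)argv; return 0; }
static int false_main(int argc, char **argv) { (void)argc; (void)argv; return 1; }
static const struct { const char *name; applet_main_t entry; } applets[] = {
    { "echo", echo_main }, { "true", true_main }, { "false", false_main },
};

/* Policy switch (assumed for this example): when non-zero, anything that is
 * not an applet is refused instead of being exec'd. */
int block_external_exec = 0;
static applet_main_t find_applet(const char *name)
{
    const char *base = strrchr(name, '/');  /* accept "/bin/true" as well */
    base = base ? base + 1 : name;
    for (size_t i = 0; i < sizeof applets / sizeof applets[0]; i++)
        if (strcmp(applets[i].name, base) == 0)
            return applets[i].entry;
    return NULL;
}
/* Exec proxy: an applet runs in a forked child without exec (NOEXEC style);
 * anything else falls back to execvp unless blocked by policy. Returns the
 * child's exit status, or -1 with errno set (EPERM when refused). */
int proxy_spawn_and_wait(char **argv)
{
    int argc = 0; while (argv[argc]) argc++;
    applet_main_t applet = find_applet(argv[0]);
    if (!applet && block_external_exec) { errno = EPERM; return -1; }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (applet) { int rc = applet(argc, argv); fflush(stdout); _exit(rc); }
        execvp(argv[0], argv);
        _exit(127);  /* exec failed: conventional "command not found" status */
    }
    int status; if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With the switch set, a caller cannot reach anything outside the applet table, which is the self-contained mode the series describes; with it clear, the proxy behaves like an ordinary spawn-and-wait.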
