Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Fixes: FS#1181 - CVE-2017-16544:
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.
The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Refresh patches, delete patches backported from upstream.
This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Revert this commit as it introduces a patchfile at a wrong location.
Since the patch was never effective, we can assume that this particular
commit was not properly tested.
This reverts commit dde9da46c1.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817
and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html
Signed-off-by: Bastian Bittorf <bb@npl.de>
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
When busybox customisation is enabled, we should depend on config
symbols CONFIG_BUSYBOX_CONFIG_xxx to form alternatives specs
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When invoking "nslookup_lede" with a domain argument and without explicit
query type, issue both A and AAAA queries and display the resulting IP
addresses in a numbered list style, similar to how the old BusyBox nslookup
used to output the records.
This is required for compatibility with certain scripts.
Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The ":*" optstring syntax was only recently introduced with BusyBox v1.26,
older versions need a corresponding hint in the "opt_complementary" variable
to denote flag values that should be stored as llist entries.
Add the required opt_complementary entry to fix random SIGBUS, SIGILL or
SIGSEGV related crashes on BusyBox 1.25.x when attempting to use the "-q"
flag of the "nslookup_lede" applet.
Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Protect any IPv6 related with appropriate guards to fix compilation with
disabled IPv6 support in Busybox.
Fixes#728.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since the LEDE nslookup applet is already specific to LEDE, move the
libresolv detection into the busybox Makefile that LEDE uses.
This fixes builds with external toolchains that don't automatically
search for headers and/or libraries without being told so.
Fixes: de5b8e5d2f ("busybox: add musl compatible nslookup replacement")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Add an alternative nslookup applet implementation which is compatible with
musl libc wrt. name server selection and which supports a number of additional
features such as query type selection.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If you're using Chrony or NTPD you don't want the busybox NTP server
as well. Make it's installation truly conditional.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [simplify]
ntpd from Busybox supports peer-less (standalone) mode when it's started
with option -l and without any peer provided with option -p. In this
mode ntpd uses local time as reference and acts as stratum 1 server.
This mode can be used in isolated networks, where Internet access and/or
other NTP server/s are not available, but the device has some other way
of getting correct time, like e.g. GPS (ugps supports setting local time
by default).
Support for this mode was incorrectly disabled/removed in:
1527f96ca6
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches, delete patches that have been applied upstream.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix defaults]
The "new style" busybox applet approach moves all config and build
definitions related to an applet to its .c file. This makes the
patches easier to maintain, as they only add new files to the busybox
build directory, without modifying BusyBox files.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Adjust download locations:
- use https as busybox.net permanently redirects http to https
- gentoo mirror has neither 1.25.0 nor 1.25.1 available, so drop it
in favor of buildroot.net that has 1.25.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.
Without this patch the following command does not work and returns an
error code:
ip link add type nlmon
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that snapshot builds are only publishing SHA-256 checksums, it makes
sense to ship an appropriate utility for verification.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daemons that are waiting for a timesync are only triggered when the action is stratum.
As step is the first sync action pass all actions to the ntpd hotplug scripts; it's up
to the ntpd hotplugscript to filter out the actions it is interested in.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The busybox ntpd utility currently uses ntp servers specified in uci.
This patch allows the ntpd utility to use NTP servers received via DHCP(v6)
Following uci parameters have been added:
use_dhcp : enables NTP server config via DHCP(v6)
dhcp_interface : use NTP servers received only on the specified DHCP(v6) interfaces; if empty all interfaces are considered
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
