authorNatanael Copa <ncopa@alpinelinux.org>2015-12-07 13:19:32 +0000
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-04-15 05:13:00 +0300
commite722fd49ea4d83da91056d8a5b90d606e70b49ed (patch)
tree84ce8cc4b8ab4723ff596c2e268214c19f4d8b99
parent29d4f7a7cbb09b065256336eb4cdea42c32d4c75 (diff)
main/busybox: add patch for /etc/securetty support in su
This makes it possible to have blank root passwords in container setups.
-rw-r--r--main/busybox/3001-login-move-check_securetty-to-libbb.patch103
-rw-r--r--main/busybox/3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch70
-rw-r--r--main/busybox/3003-su-FEATURE_SU_NULLOK_SECURE.patch76
-rw-r--r--main/busybox/APKBUILD47
-rw-r--r--main/busybox/busyboxconfig5
5 files changed, 261 insertions, 40 deletions
diff --git a/main/busybox/3001-login-move-check_securetty-to-libbb.patch b/main/busybox/3001-login-move-check_securetty-to-libbb.patch
new file mode 100644
index 0000000000..07a7246867
--- /dev/null
+++ b/main/busybox/3001-login-move-check_securetty-to-libbb.patch
@@ -0,0 +1,103 @@
+From 2543aee0930976d95822a88d840cf139261f7fe0 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 5 Nov 2015 16:27:34 +0200
+Subject: [PATCH 3001/3003] login: move check_securetty to libbb
+
+---
+ include/libbb.h | 1 +
+ libbb/Kbuild.src | 1 +
+ libbb/securetty.c | 27 +++++++++++++++++++++++++++
+ loginutils/login.c | 19 -------------------
+ 4 files changed, 29 insertions(+), 19 deletions(-)
+ create mode 100644 libbb/securetty.c
+
+diff --git a/include/libbb.h b/include/libbb.h
+index a8ceb44..516f42e 100644
+--- a/include/libbb.h
++++ b/include/libbb.h
+@@ -1360,6 +1360,7 @@ int sd_listen_fds(void);
+ #define SETUP_ENV_NO_CHDIR (1 << 4)
+ void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
+ void nuke_str(char *str) FAST_FUNC;
++int check_securetty(const char *short_tty);
+ int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
+ int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
+ int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
+diff --git a/libbb/Kbuild.src b/libbb/Kbuild.src
+index 7fb6872..0f09de7 100644
+--- a/libbb/Kbuild.src
++++ b/libbb/Kbuild.src
+@@ -84,6 +84,7 @@ lib-y += safe_gethostname.o
+ lib-y += safe_poll.o
+ lib-y += safe_strncpy.o
+ lib-y += safe_write.o
++lib-y += securetty.o
+ lib-y += setup_environment.o
+ lib-y += signals.o
+ lib-y += simplify_path.o
+diff --git a/libbb/securetty.c b/libbb/securetty.c
+new file mode 100644
+index 0000000..95edbc9
+--- /dev/null
++++ b/libbb/securetty.c
+@@ -0,0 +1,27 @@
++/* vi: set sw=4 ts=4: */
++/*
++ * /etc/securetty checking.
++ *
++ * Licensed under GPLv2, see file LICENSE in this source tree.
++ */
++
++#include "libbb.h"
++
++#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
++int check_securetty(const char *short_tty)
++{
++ char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
++ parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
++ while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
++ if (strcmp(buf, short_tty) == 0)
++ break;
++ buf = NULL;
++ }
++ config_close(parser);
++ /* buf != NULL here if config file was not found, empty
++ * or line was found which equals short_tty */
++ return buf != NULL;
++}
++#else
++ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
++#endif
+diff --git a/loginutils/login.c b/loginutils/login.c
+index 1700cfc..b38a1fb 100644
+--- a/loginutils/login.c
++++ b/loginutils/login.c
+@@ -79,25 +79,6 @@ static void die_if_nologin(void)
+ # define die_if_nologin() ((void)0)
+ #endif
+
+-#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
+-static int check_securetty(const char *short_tty)
+-{
+- char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
+- parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
+- while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
+- if (strcmp(buf, short_tty) == 0)
+- break;
+- buf = NULL;
+- }
+- config_close(parser);
+- /* buf != NULL here if config file was not found, empty
+- * or line was found which equals short_tty */
+- return buf != NULL;
+-}
+-#else
+-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+-#endif
+-
+ #if ENABLE_SELINUX
+ static void initselinux(char *username, char *full_tty,
+ security_context_t *user_sid)
+--
+2.6.3
+
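Review bot: The fail-open contract of check_securetty() — the comment in securetty.c notes that buf stays non-NULL, so the function returns 1, when /etc/securetty is missing or empty — is stated only inside the body and not at the new declaration in libbb.h, which is what every caller outside loginutils will read now that it is a library function. Add above the libbb.h line: `/* 1 if short_tty is listed in /etc/securetty, or if that file is missing or empty (no restriction); 0 otherwise */`. The declaration is also the only one in that stretch of libbb.h without FAST_FUNC, and the `#else` stub in securetty.c drops the `static` that the login.c version had; both look unintentional, though the stub presumably still links because the header declares the symbol. The login.c hunk removes the definition but not its call site, which lies outside the hunk and now resolves through libbb.h.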
diff --git a/main/busybox/3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch b/main/busybox/3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch
new file mode 100644
index 0000000000..1722be2ccd
--- /dev/null
+++ b/main/busybox/3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch
@@ -0,0 +1,70 @@
+From 12b6eff3a535a55441b6a84c24407626edf44b76 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 5 Nov 2015 16:27:35 +0200
+Subject: [PATCH 3002/3003] libbb: allow_blank argument for
+ ask_and_check_password_extended()
+
+---
+ include/libbb.h | 2 +-
+ libbb/correct_password.c | 6 +++---
+ loginutils/sulogin.c | 2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/include/libbb.h b/include/libbb.h
+index 516f42e..ece8d37 100644
+--- a/include/libbb.h
++++ b/include/libbb.h
+@@ -1362,7 +1362,7 @@ void setup_environment(const char *shell, int flags, const struct passwd *pw) FA
+ void nuke_str(char *str) FAST_FUNC;
+ int check_securetty(const char *short_tty);
+ int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
+-int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
++int ask_and_check_password_extended(const struct passwd *pw, int timeout, int allow_blank, const char *prompt) FAST_FUNC;
+ int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
+ /* Returns a malloced string */
+ #if !ENABLE_USE_BB_CRYPT
+diff --git a/libbb/correct_password.c b/libbb/correct_password.c
+index 513c930..57cd2b8 100644
+--- a/libbb/correct_password.c
++++ b/libbb/correct_password.c
+@@ -96,7 +96,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
+ * NULL pw means "just fake it for login with bad username"
+ */
+ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
+- int timeout, const char *prompt)
++ int timeout, int allow_blank, const char *prompt)
+ {
+ IF_FEATURE_SHADOWPASSWDS(char buffer[SHADOW_BUFSIZE];)
+ char *plaintext;
+@@ -105,7 +105,7 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
+
+ pw_pass = get_passwd(pw, buffer);
+ if (!pw_pass[0]) /* empty password field? */
+- return 1;
++ return allow_blank;
+
+ plaintext = bb_ask(STDIN_FILENO, timeout, prompt);
+ if (!plaintext) {
+@@ -120,5 +120,5 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
+
+ int FAST_FUNC ask_and_check_password(const struct passwd *pw)
+ {
+- return ask_and_check_password_extended(pw, 0, "Password: ");
++ return ask_and_check_password_extended(pw, 0, 1, "Password: ");
+ }
+diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
+index 2a29099..4013f11 100644
+--- a/loginutils/sulogin.c
++++ b/loginutils/sulogin.c
+@@ -53,7 +53,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
+ while (1) {
+ int r;
+
+- r = ask_and_check_password_extended(pwd, timeout,
++ r = ask_and_check_password_extended(pwd, timeout, 1,
+ "Give root password for system maintenance\n"
+ "(or type Control-D for normal startup):"
+ );
+--
+2.6.3
+
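Review bot: The new allow_blank parameter of ask_and_check_password_extended() is not described in the function's header comment, which currently only explains the NULL pw case and begins above the hunk. Add a line such as ` * allow_blank: value returned when the account's password field is empty; 1 accepts without prompting, 0 rejects without prompting`. Note that with allow_blank == 0 the function returns before bb_ask() is reached, so a blank-password account on a non-secure TTY fails instantly while every other account is prompted; that difference reveals which accounts have an empty password field, and calling bb_ask() and discarding the answer before returning 0 would make the two cases indistinguishable. The remainder of the function, including the bb_ask() path, continues outside the hunk.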
diff --git a/main/busybox/3003-su-FEATURE_SU_NULLOK_SECURE.patch b/main/busybox/3003-su-FEATURE_SU_NULLOK_SECURE.patch
new file mode 100644
index 0000000000..bb0e1c64ce
--- /dev/null
+++ b/main/busybox/3003-su-FEATURE_SU_NULLOK_SECURE.patch
@@ -0,0 +1,76 @@
+From 0acd825122c5e2d1b2ba6a0d0f42960cefaafa88 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 5 Nov 2015 16:27:36 +0200
+Subject: [PATCH 3003/3003] su: FEATURE_SU_NULLOK_SECURE
+
+When this feature is enabled, blank passwords are not accepted by su
+unless the user is on a secure TTY defined in /etc/securetty. This
+resembles the default PAM configuration of some Linux distros which
+specify the nullok_secure option for pam_unix.so.
+---
+ loginutils/Config.src | 5 +++++
+ loginutils/su.c | 13 ++++++++-----
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/loginutils/Config.src b/loginutils/Config.src
+index fa2b4f8..a150899 100644
+--- a/loginutils/Config.src
++++ b/loginutils/Config.src
+@@ -311,6 +311,11 @@ config FEATURE_SU_CHECKS_SHELLS
+ depends on SU
+ default y
+
++config FEATURE_SU_NULLOK_SECURE
++ bool "Disallow blank passwords from TTYs other than specified in /etc/securetty"
++ depends on SU
++ default n
++
+ config SULOGIN
+ bool "sulogin"
+ default y
+diff --git a/loginutils/su.c b/loginutils/su.c
+index f812505..bd0cb35 100644
+--- a/loginutils/su.c
++++ b/loginutils/su.c
+@@ -51,6 +51,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
+ struct passwd *pw;
+ uid_t cur_uid = getuid();
+ const char *tty;
++ int allow_blank = 1;
+ #if ENABLE_FEATURE_UTMP
+ char user_buf[64];
+ #endif
+@@ -71,6 +72,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
+ argv++;
+ }
+
++ tty = xmalloc_ttyname(STDIN_FILENO);
++ if (!tty) tty = "none";
++ tty = skip_dev_pfx(tty);
++
++ if (ENABLE_FEATURE_SU_NULLOK_SECURE) allow_blank = check_securetty(tty);
++
+ if (ENABLE_FEATURE_SU_SYSLOG) {
+ /* The utmp entry (via getlogin) is probably the best way to
+ * identify the user, especially if someone su's from a su-shell.
+@@ -84,16 +91,12 @@ int su_main(int argc UNUSED_PARAM, char **argv)
+ pw = getpwuid(cur_uid);
+ old_user = pw ? xstrdup(pw->pw_name) : "";
+ }
+- tty = xmalloc_ttyname(2);
+- if (!tty) {
+- tty = "none";
+- }
+ openlog(applet_name, 0, LOG_AUTH);
+ }
+
+ pw = xgetpwnam(opt_username);
+
+- if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
++ if (cur_uid == 0 || ask_and_check_password_extended(pw, 0, allow_blank, "Password: ") > 0) {
+ if (ENABLE_FEATURE_SU_SYSLOG)
+ syslog(LOG_NOTICE, "%c %s %s:%s",
+ '+', tty, old_user, opt_username);
+--
+2.6.3
+
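Review bot: The new FEATURE_SU_NULLOK_SECURE entry in Config.src has no `help` block, and the one behaviour an administrator must know is documented nowhere: check_securetty() returns 1 when /etc/securetty is missing or empty, so on a system without that file the option is a no-op and blank passwords stay accepted from every TTY. Add a help text along the lines of `Blank passwords are accepted by su only on TTYs listed in /etc/securetty. If that file is missing or empty, blank passwords are accepted on any TTY.`. Separately, in su.c the tty name is now taken from STDIN_FILENO instead of fd 2 and passed through skip_dev_pfx() before the syslog() call near the end of the hunk, so the LOG_AUTH line loses its /dev/ prefix for the same session (constructed example: `/dev/pts/0` becomes `pts/0`); log parsers and alert rules keyed on the old form need updating and the commit message should say so. Reading the tty from stdin is consistent with bb_ask() reading the password from STDIN_FILENO, but when stdin is not a terminal tty becomes "none" and the securetty decision then depends on whether /etc/securetty happens to contain that literal, which deserves a comment at the `if (!tty) tty = "none";` line.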
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index dee1240317..247c9a6fce 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.23.2
-pkgrel=1
+pkgrel=2
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
@@ -34,6 +34,10 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
1001-fbsplash-support-console-switching.patch
1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
+ 3001-login-move-check_securetty-to-libbb.patch
+ 3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch
+ 3003-su-FEATURE_SU_NULLOK_SECURE.patch
+
busyboxconfig
glibc.patch
CVE-2016-6301.patch
@@ -120,42 +124,6 @@ static() {
"$subpkgdir"/bin/busybox.static
}
-md5sums="7925683d7dd105aabe9b6b618d48cc73 busybox-1.23.2.tar.bz2
-8485cf1e389e891914cbb8771a6d9bbd bbsuid.c
-d64b58a30892c558bdbab7f0d0997577 nologin.c
-4c0f3b486eaa0674961b7ddcd0c60a9b busybox-1.11.1-bb.patch
-b5375210f13fd6e1ca61a565e8fabd35 busybox-uname-is-not-gnu.patch
-c5a8dbc8696db6da9c4624b0e11d8fba bb-app-location.patch
-8c42c9ef0f0419c314c86bcaf7796106 loginutils-sha512.patch
-91a7584a562a72ba886936558e576bbd udhcpc-discover-retries.patch
-04eeda8c49d4688e6dec02451f8b6aae 0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
-e1c183cbe1ca18a0fa0d9597314076c9 0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
-239dbe5dae5d36bbf73548b2749a22b1 0001-linedit-deluser-use-POSIX-getpwent-instead-of-getpwe.patch
-69fa40bee9abec058427bf67fde1b61e 0001-diff-add-support-for-no-dereference.patch
-699ce5aa1095ba4419cd595cec8a8f75 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
-b56d306ccba574da78dff060b7330806 1001-fbsplash-support-console-switching.patch
-4fe5f9e973674c7db3d07f295c363a7c 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
-3cff842a3618c84465d7ef5425c8749b busyboxconfig
-befaac2c59c380e36a452b3f1c1d4a3a glibc.patch
-b23dd4bd38216d05d88287371d35513a CVE-2016-6301.patch"
-sha256sums="05a6f9e21aad8c098e388ae77de7b2361941afa7157ef74216703395b14e319a busybox-1.23.2.tar.bz2
-81957f1fe0c386120dad1c8174ccc1fcfeed98c14d229db7d164d4fb4c938b3d bbsuid.c
-9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d nologin.c
-327bb8049e2726351a5c8b6b2cef864f6ce58725d4453983f97092ea73656ccc busybox-1.11.1-bb.patch
-a31ce8bcb8b81b20e80ffa407600a530d085806c6471f4e4249fcb3a491b79ef busybox-uname-is-not-gnu.patch
-576366b4d50f1078da6c0364ef70415de92d97c93c64f4d790b11d7a34cdccd2 bb-app-location.patch
-57674b20158c0b266ed028b0c65299f9cbcad7d33d19c9fcc403d3967daba493 loginutils-sha512.patch
-90825a443339f1c8c249d05f7b025ce53e374d305f8e113d98d45146b105494d udhcpc-discover-retries.patch
-2e9d56335ca39e944b9abd9ecc91d0e47a3fe3434f8b7ec3f526bc8fa0895ada 0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
-53563c6dc4db13004d0b37f7bf1748e861b5a5c4244c1d34f102c23b689420c5 0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
-ac2cd5fed91bfaec22ed1f2766396d0feb29b9b96f20b2c12d5d8ac8769afae9 0001-linedit-deluser-use-POSIX-getpwent-instead-of-getpwe.patch
-70180473e3939402e460b25de8273a5ce7f62b130a9efe31f33d847b2406ac92 0001-diff-add-support-for-no-dereference.patch
-043963183cad556bdae5d5608180f0cb76cf7eede175cd97aa002a787780500f 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
-b8b0b16ed67b0159256193b1d2108b8ef9aa8a334ab81e463bb970c71257da9a 1001-fbsplash-support-console-switching.patch
-e1f3fad8e21dfd72cfcae7ab3ba31d7938e964e0f9ec08b2da0b14d462435424 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
-342bb69c144a1e63d7a7fe4c24578ce5b483c09751ac16bb36d1b88929068141 busyboxconfig
-c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0 glibc.patch
-0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77 CVE-2016-6301.patch"
sha512sums="209c8ef26e40ccb81510f6b663202b080f9bbecac7faf386bbabf7e36a43d63b15dd6ce9f7a84c1ccc5345c524999812251da1e113ef9faadc6af1fedd24c7c9 busybox-1.23.2.tar.bz2
16b3dd6a8b76b062d51458351fcb44f84b49eb4bf898584c933df90fb2cb3966f9547865a4d7447589bb20b7c203beb04ff7512f76f85d29138d2cff4eb9ee81 bbsuid.c
4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2 nologin.c
@@ -171,6 +139,9 @@ a35b66cd28b79ccc14b47315ac94677fdf8c14d8a6e8956707e71fb50d453dfc5b4b822832cd1fae
2a8e9360e1cedd26bdb70d8cc036ef0abc7588bf2eee147c1c7436d7a40763f8e31d346b980145a36649130a2f811d299e4f46f7e1b60a8165a60ae9e79727d5 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
a181dd54e8e11cf1199edb1b1fcd4b7402bbf142593b6014f32c6815bb7093b56899ad0fcc9f73c382f56203ac5274fb3d51fa070feb541436f23c31680f1a69 1001-fbsplash-support-console-switching.patch
c33073416f7da2805a20f3f456f869217171c8fbfdef85f4ae481307aeb1e1b5717084bbbc619010fa5500c3f3f49b6468d5c122024fcc49d637c82427a3f553 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
-2efb13f23c48a4dc3e2eb6343256694719c3425fe8ddd36ce9fb1837e45fafa3326c2630a08d731abc6bbc104536218d095b2d997861c5b35a7f7907177d2e66 busyboxconfig
+1832d2a09625cb60998c54330a751f13dec97da2c4133db29c10f77fa3314fd2ef2002a45eab7215ed1a0dd8b84a8a4c7d4c1d225b5ee012fe357a8777707a17 3001-login-move-check_securetty-to-libbb.patch
+ed8d060b85d4da1681eb35ba64c5b249391e6a7edbeb55b8952897f08fe9bafac33593992772d80a6df42dd3af0e175ce9575ee51c49fbc875008ad0ac2f6f06 3002-libbb-allow_blank-argument-for-ask_and_check_passwor.patch
+c6579970450e7c711461ab1953f534ae855c4a355b4a452b3fc52a286355c87e41f8951b1b5217d0f659e3173ace8718d42dad3dcc878899cf9decdf4d3fe238 3003-su-FEATURE_SU_NULLOK_SECURE.patch
+c82de96986c562d23da2d9eda957f4a183715c4638842ff42122f38e0c65fc6abaef36922b3da4f911d93b0291cf9311a5f17f05fc3d86f2563336bf052a8713 busyboxconfig
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc glibc.patch
a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502 CVE-2016-6301.patch"
diff --git a/main/busybox/busyboxconfig b/main/busybox/busyboxconfig
index b8311b20a9..c9940ba5d6 100644
--- a/main/busybox/busyboxconfig
+++ b/main/busybox/busyboxconfig
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Busybox version: 1.23.0
-# Thu Dec 25 13:55:58 2014
+# Busybox version: 1.23.2
+# Sun Apr 15 04:47:07 2018
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -496,6 +496,7 @@ CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="sha512"
CONFIG_SU=y
CONFIG_FEATURE_SU_SYSLOG=y
CONFIG_FEATURE_SU_CHECKS_SHELLS=y
+CONFIG_FEATURE_SU_NULLOK_SECURE=y
# CONFIG_SULOGIN is not set
CONFIG_VLOCK=y