unzip: sanitize filename length: malloc(1234mb) is not funny

[oweals/busybox.git] / Config.in

#
# For a description of the syntax of this configuration file,
# see scripts/kbuild/config-language.txt.
#

mainmenu "BusyBox Configuration"

config HAVE_DOT_CONFIG
        bool
        default y

menu "Busybox Settings"

config DESKTOP
        bool "Enable compatibility for full-blown desktop systems"
        default y
        help
          Enable applet options and features which are not essential.
          Many applet options have dedicated config options to (de)select them
          under that applet; this options enables those options which have no
          individual config item for them.

          Select this if you plan to use busybox on full-blown desktop machine
          with common Linux distro, which needs higher level of command-line
          compatibility.

          If you are preparing your build to be used on an embedded box
          where you have tighter control over the entire set of userspace
          tools, you can unselect this option for smaller code size.

config EXTRA_COMPAT
        bool "Provide compatible behavior for rare corner cases (bigger code)"
        default n
        help
          This option makes grep, sed etc handle rare corner cases
          (embedded NUL bytes and such). This makes code bigger and uses
          some GNU extensions in libc. You probably only need this option
          if you plan to run busybox on desktop.

config INCLUDE_SUSv2
        bool "Enable obsolete features removed before SUSv3"
        default y
        help
          This option will enable backwards compatibility with SuSv2,
          specifically, old-style numeric options ('command -1 <file>')
          will be supported in head, tail, and fold. (Note: should
          affect renice too.)

config LONG_OPTS
        bool "Support --long-options"
        default y
        help
          Enable this if you want busybox applets to use the gnu --long-option
          style, in addition to single character -a -b -c style options.

config SHOW_USAGE
        bool "Show applet usage messages"
        default y
        help
          Enabling this option, BusyBox applets will show terse help messages
          when invoked with wrong arguments.
          If you do not want to show any (helpful) usage message when
          issuing wrong command syntax, you can say 'N' here,
          saving approximately 7k.

config FEATURE_VERBOSE_USAGE
        bool "Show verbose applet usage messages"
        default y
        depends on SHOW_USAGE
        help
          All BusyBox applets will show verbose help messages when
          busybox is invoked with --help. This will add a lot of text to the
          busybox binary. In the default configuration, this will add about
          13k, but it can add much more depending on your configuration.

config FEATURE_COMPRESS_USAGE
        bool "Store applet usage messages in compressed form"
        default y
        depends on SHOW_USAGE
        help
          Store usage messages in .bz compressed form, uncompress them
          on-the-fly when <applet> --help is called.

          If you have a really tiny busybox with few applets enabled (and
          bunzip2 isn't one of them), the overhead of the decompressor might
          be noticeable. Also, if you run executables directly from ROM
          and have very little memory, this might not be a win. Otherwise,
          you probably want this.

config LFS
        bool "Support files > 2 GB"
        default y
        help
          If you want to build BusyBox with large file support, then enable
          this option. This will have no effect if your kernel or your C
          library lacks large file support for large files. Some of the
          programs that can benefit from large file support include dd, gzip,
          cp, mount, tar, and many others. If you want to access files larger
          than 2 Gigabytes, enable this option.

config PAM
        bool "Support PAM (Pluggable Authentication Modules)"
        default n
        help
          Use PAM in some busybox applets (currently login and httpd) instead
          of direct access to password database.

config FEATURE_DEVPTS
        bool "Use the devpts filesystem for Unix98 PTYs"
        default y
        help
          Enable if you want BusyBox to use Unix98 PTY support. If enabled,
          busybox will use /dev/ptmx for the master side of the pseudoterminal
          and /dev/pts/<number> for the slave side. Otherwise, BSD style
          /dev/ttyp<number> will be used. To use this option, you should have
          devpts mounted.

config FEATURE_UTMP
        bool "Support utmp file"
        default y
        help
          The file /var/run/utmp is used to track who is currently logged in.
          With this option on, certain applets (getty, login, telnetd etc)
          will create and delete entries there.
          "who" applet requires this option.

config FEATURE_WTMP
        bool "Support wtmp file"
        default y
        depends on FEATURE_UTMP
        help
          The file /var/run/wtmp is used to track when users have logged into
          and logged out of the system.
          With this option on, certain applets (getty, login, telnetd etc)
          will append new entries there.
          "last" applet requires this option.

config FEATURE_PIDFILE
        bool "Support writing pidfiles"
        default y
        help
          This option makes some applets (e.g. crond, syslogd, inetd) write
          a pidfile at the configured PID_FILE_PATH.  It has no effect
          on applets which require pidfiles to run.

config PID_FILE_PATH
        string "Directory for pidfiles"
        default "/var/run"
        depends on FEATURE_PIDFILE
        help
          This is the default path where pidfiles are created.  Applets which
          allow you to set the pidfile path on the command line will override
          this value.  The option has no effect on applets that require you to
          specify a pidfile path.

config BUSYBOX
        bool "Include busybox applet"
        default y
        help
          The busybox applet provides general help regarding busybox and
          allows the included applets to be listed.  It's also required
          if applet links are to be installed at runtime. If you unselect
          this option, running busybox without any arguments will give
          just a cryptic error message:

          $ busybox
          busybox: applet not found

          Running "busybox APPLET [ARGS...]" will still work, of course.

config FEATURE_INSTALLER
        bool "Support --install [-s] to install applet links at runtime"
        default y
        depends on BUSYBOX
        help
          Enable 'busybox --install [-s]' support. This will allow you to use
          busybox at runtime to create hard links or symlinks for all the
          applets that are compiled into busybox.

config INSTALL_NO_USR
        bool "Don't use /usr"
        default n
        help
          Disable use of /usr. busybox --install and "make install"
          will install applets only to /bin and /sbin,
          never to /usr/bin or /usr/sbin.

config FEATURE_SUID
        bool "Drop SUID state for most applets"
        default y
        help
          With this option you can install the busybox binary belonging
          to root with the suid bit set, enabling some applets to perform
          root-level operations even when run by ordinary users
          (for example, mounting of user mounts in fstab needs this).

          With this option enabled, Busybox drops privileges for applets
          that don't need root access, before entering their main() function.

          If you are really paranoid and don't want even initial busybox code
          to run under root for evey applet, build two busybox binaries with
          different applets in them (and the appropriate symlinks pointing
          to each binary), and only set the suid bit on the one that needs it.

          Some applets which require root rights (need suid bit on the binary
          or to be run by root) and will refuse to execute otherwise:
          crontab, login, passwd, su, vlock, wall.

          The applets which will use root rights if they have them
          (via suid bit, or because run by root), but would try to work
          without root right nevertheless:
          findfs, ping[6], traceroute[6], mount.

          Note that if you DO NOT select this option, but DO make busybox
          suid root, ALL applets will run under root, which is a huge
          security hole (think "cp /some/file /etc/passwd").

config FEATURE_SUID_CONFIG
        bool "Enable SUID configuration via /etc/busybox.conf"
        default y
        depends on FEATURE_SUID
        help
          Allow the SUID/SGID state of an applet to be determined at runtime
          by checking /etc/busybox.conf. (This is sort of a poor man's sudo.)
          The format of this file is as follows:

          APPLET = [Ssx-][Ssx-][x-] [USER.GROUP]

          s: USER or GROUP is allowed to execute APPLET.
             APPLET will run under USER or GROUP
             (reagardless of who's running it).
          S: USER or GROUP is NOT allowed to execute APPLET.
             APPLET will run under USER or GROUP.
             This option is not very sensical.
          x: USER/GROUP/others are allowed to execute APPLET.
             No UID/GID change will be done when it is run.
          -: USER/GROUP/others are not allowed to execute APPLET.

          An example might help:

          [SUID]
          su = ssx root.0 # applet su can be run by anyone and runs with
                          # euid=0,egid=0
          su = ssx        # exactly the same

          mount = sx- root.disk # applet mount can be run by root and members
                                # of group disk (but not anyone else)
                                # and runs with euid=0 (egid is not changed)

          cp = --- # disable applet cp for everyone

          The file has to be owned by user root, group root and has to be
          writeable only by root:
                (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
          The busybox executable has to be owned by user root, group
          root and has to be setuid root for this to work:
                (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)

          Robert 'sandman' Griebl has more information here:
          <url: http://www.softforge.de/bb/suid.html >.

config FEATURE_SUID_CONFIG_QUIET
        bool "Suppress warning message if /etc/busybox.conf is not readable"
        default y
        depends on FEATURE_SUID_CONFIG
        help
          /etc/busybox.conf should be readable by the user needing the SUID,
          check this option to avoid users to be notified about missing
          permissions.

config FEATURE_PREFER_APPLETS
        bool "exec prefers applets"
        default n
        help
          This is an experimental option which directs applets about to
          call 'exec' to try and find an applicable busybox applet before
          searching the PATH. This is typically done by exec'ing
          /proc/self/exe.

          This may affect shell, find -exec, xargs and similar applets.
          They will use applets even if /bin/APPLET -> busybox link
          is missing (or is not a link to busybox). However, this causes
          problems in chroot jails without mounted /proc and with ps/top
          (command name can be shown as 'exe' for applets started this way).

config BUSYBOX_EXEC_PATH
        string "Path to BusyBox executable"
        default "/proc/self/exe"
        help
          When Busybox applets need to run other busybox applets, BusyBox
          sometimes needs to exec() itself. When the /proc filesystem is
          mounted, /proc/self/exe always points to the currently running
          executable. If you haven't got /proc, set this to wherever you
          want to run BusyBox from.

config SELINUX
        bool "Support NSA Security Enhanced Linux"
        default n
        select PLATFORM_LINUX
        help
          Enable support for SELinux in applets ls, ps, and id. Also provide
          the option of compiling in SELinux applets.

          If you do not have a complete SELinux userland installed, this stuff
          will not compile.  Specifially, libselinux 1.28 or better is
          directly required by busybox. If the installation is located in a
          non-standard directory, provide it by invoking make as follows:

                CFLAGS=-I<libselinux-include-path> \
                LDFLAGS=-L<libselinux-lib-path> \
                make

          Most people will leave this set to 'N'.

config FEATURE_CLEAN_UP
        bool "Clean up all memory before exiting (usually not needed)"
        default n
        help
          As a size optimization, busybox normally exits without explicitly
          freeing dynamically allocated memory or closing files. This saves
          space since the OS will clean up for us, but it can confuse debuggers
          like valgrind, which report tons of memory and resource leaks.

          Don't enable this unless you have a really good reason to clean
          things up manually.

# These are auto-selected by other options

config FEATURE_SYSLOG
        bool #No description makes it a hidden option
        default n
        #help
        #  This option is auto-selected when you select any applet which may
        #  send its output to syslog. You do not need to select it manually.

config FEATURE_HAVE_RPC
        bool #No description makes it a hidden option
        default n
        #help
        #  This is automatically selected if any of enabled applets need it.
        #  You do not need to select it manually.

config PLATFORM_LINUX
        bool #No description makes it a hidden option
        default n
        #help
        #  For the most part, busybox requires only POSIX compatibility
        #  from the target system, but some applets and features use
        #  Linux-specific interfaces.
        #
        #  This is automatically selected if any applet or feature requires
        #  Linux-specific interfaces. You do not need to select it manually.

comment 'Build Options'

config STATIC
        bool "Build BusyBox as a static binary (no shared libs)"
        default n
        help
          If you want to build a static BusyBox binary, which does not
          use or require any shared libraries, then enable this option.
          This can cause BusyBox to be considerably larger, so you should
          leave this option false unless you have a good reason (i.e.
          your target platform does not support shared libraries, or
          you are building an initrd which doesn't need anything but
          BusyBox, etc).

          Most people will leave this set to 'N'.

config PIE
        bool "Build BusyBox as a position independent executable"
        default n
        depends on !STATIC
        help
          Hardened code option. PIE binaries are loaded at a different
          address at each invocation. This has some overhead,
          particularly on x86-32 which is short on registers.

          Most people will leave this set to 'N'.

config NOMMU
        bool "Force NOMMU build"
        default n
        help
          Busybox tries to detect whether architecture it is being
          built against supports MMU or not. If this detection fails,
          or if you want to build NOMMU version of busybox for testing,
          you may force NOMMU build here.

          Most people will leave this set to 'N'.

# PIE can be made to work with BUILD_LIBBUSYBOX, but currently
# build system does not support that
config BUILD_LIBBUSYBOX
        bool "Build shared libbusybox"
        default n
        depends on !FEATURE_PREFER_APPLETS && !PIE && !STATIC
        help
          Build a shared library libbusybox.so.N.N.N which contains all
          busybox code.

          This feature allows every applet to be built as a really tiny
          separate executable linked against the library:
          $ size 0_lib/l*
            text  data   bss     dec    hex filename
             939   212    28    1179    49b 0_lib/last
             939   212    28    1179    49b 0_lib/less
          919138  8328  1556  929022  e2cfe 0_lib/libbusybox.so.1.N.M

          This is useful on NOMMU systems which are not capable
          of sharing executables, but are capable of sharing code
          in dynamic libraries.

config FEATURE_LIBBUSYBOX_STATIC
        bool "Pull in all external references into libbusybox"
        default n
        depends on BUILD_LIBBUSYBOX
        help
          Make libbusybox library independent, not using or requiring
          any other shared libraries.

config FEATURE_INDIVIDUAL
        bool "Produce a binary for each applet, linked against libbusybox"
        default y
        depends on BUILD_LIBBUSYBOX
        help
          If your CPU architecture doesn't allow for sharing text/rodata
          sections of running binaries, but allows for runtime dynamic
          libraries, this option will allow you to reduce memory footprint
          when you have many different applets running at once.

          If your CPU architecture allows for sharing text/rodata,
          having single binary is more optimal.

          Each applet will be a tiny program, dynamically linked
          against libbusybox.so.N.N.N.

          You need to have a working dynamic linker.

config FEATURE_SHARED_BUSYBOX
        bool "Produce additional busybox binary linked against libbusybox"
        default y
        depends on BUILD_LIBBUSYBOX
        help
          Build busybox, dynamically linked against libbusybox.so.N.N.N.

          You need to have a working dynamic linker.

### config BUILD_AT_ONCE
###     bool "Compile all sources at once"
###     default n
###     help
###       Normally each source-file is compiled with one invocation of
###       the compiler.
###       If you set this option, all sources are compiled at once.
###       This gives the compiler more opportunities to optimize which can
###       result in smaller and/or faster binaries.
###
###       Setting this option will consume alot of memory, e.g. if you
###       enable all applets with all features, gcc uses more than 300MB
###       RAM during compilation of busybox.
###
###       This option is most likely only beneficial for newer compilers
###       such as gcc-4.1 and above.
###
###       Say 'N' unless you know what you are doing.

config CROSS_COMPILER_PREFIX
        string "Cross Compiler prefix"
        default ""
        help
          If you want to build BusyBox with a cross compiler, then you
          will need to set this to the cross-compiler prefix, for example,
          "i386-uclibc-".

          Note that CROSS_COMPILE environment variable or
          "make CROSS_COMPILE=xxx ..." will override this selection.

          Native builds leave this empty.

config SYSROOT
        string "Path to sysroot"
        default ""
        help
          If you want to build BusyBox with a cross compiler, then you
          might also need to specify where /usr/include and /usr/lib
          will be found.

          For example, BusyBox can be built against an installed
          Android NDK, platform version 9, for ARM ABI with

          CONFIG_SYSROOT=/opt/android-ndk/platforms/android-9/arch-arm

          Native builds leave this empty.

config EXTRA_CFLAGS
        string "Additional CFLAGS"
        default ""
        help
          Additional CFLAGS to pass to the compiler verbatim.

config EXTRA_LDFLAGS
        string "Additional LDFLAGS"
        default ""
        help
          Additional LDFLAGS to pass to the linker verbatim.

config EXTRA_LDLIBS
        string "Additional LDLIBS"
        default ""
        help
          Additional LDLIBS to pass to the linker with -l.

config USE_PORTABLE_CODE
        bool "Avoid using GCC-specific code constructs"
        default n
        help
          Use this option if you are trying to compile busybox with
          compiler other than gcc.
          If you do use gcc, this option may needlessly increase code size.

comment 'Installation Options ("make install" behavior)'

choice
        prompt "What kind of applet links to install"
        default INSTALL_APPLET_SYMLINKS
        help
          Choose what kind of links to applets are created by "make install".

config INSTALL_APPLET_SYMLINKS
        bool "as soft-links"
        help
          Install applets as soft-links to the busybox binary. This needs some
          free inodes on the filesystem, but might help with filesystem
          generators that can't cope with hard-links.

config INSTALL_APPLET_HARDLINKS
        bool "as hard-links"
        help
          Install applets as hard-links to the busybox binary. This might
          count on a filesystem with few inodes.

config INSTALL_APPLET_SCRIPT_WRAPPERS
        bool "as script wrappers"
        help
          Install applets as script wrappers that call the busybox binary.

config INSTALL_APPLET_DONT
        bool "not installed"
        help
          Do not install applet links. Useful when you plan to use
          busybox --install for installing links, or plan to use
          a standalone shell and thus don't need applet links.

endchoice

choice
        prompt "/bin/sh applet link"
        default INSTALL_SH_APPLET_SYMLINK
        depends on INSTALL_APPLET_SCRIPT_WRAPPERS
        help
          Choose how you install /bin/sh applet link.

config INSTALL_SH_APPLET_SYMLINK
        bool "as soft-link"
        help
          Install /bin/sh applet as soft-link to the busybox binary.

config INSTALL_SH_APPLET_HARDLINK
        bool "as hard-link"
        help
          Install /bin/sh applet as hard-link to the busybox binary.

config INSTALL_SH_APPLET_SCRIPT_WRAPPER
        bool "as script wrapper"
        help
          Install /bin/sh applet as script wrapper that calls
          the busybox binary.

endchoice

config PREFIX
        string "BusyBox installation prefix"
        default "./_install"
        help
          Define your directory to install BusyBox files/subdirs in.

comment 'Debugging Options'

config DEBUG
        bool "Build BusyBox with extra Debugging symbols"
        default n
        help
          Say Y here if you wish to examine BusyBox internals while applets are
          running. This increases the size of the binary considerably, and
          should only be used when doing development. If you are doing
          development and want to debug BusyBox, answer Y.

          Most people should answer N.

config DEBUG_PESSIMIZE
        bool "Disable compiler optimizations"
        default n
        depends on DEBUG
        help
          The compiler's optimization of source code can eliminate and reorder
          code, resulting in an executable that's hard to understand when
          stepping through it with a debugger. This switches it off, resulting
          in a much bigger executable that more closely matches the source
          code.

config DEBUG_SANITIZE
        bool "Enable runtime sanitizers (ASAN/LSAN/USAN/etc...)"
        default n
        help
          Say Y here if you want to enable runtime sanitizers. These help
          catch bad memory accesses (e.g. buffer overflows), but will make
          the executable larger and slow down runtime a bit.

          This adds -fsanitize=foo options to gcc command line.

          If you aren't developing/testing busybox, say N here.

config UNIT_TEST
        bool "Build unit tests"
        default n
        help
          Say Y here if you want to build unit tests (both the framework and
          test cases) as a Busybox applet. This results in bigger code, so you
          probably don't want this option in production builds.

config WERROR
        bool "Abort compilation on any warning"
        default n
        help
          This adds -Werror to gcc command line.

          Most people should answer N.

choice
        prompt "Additional debugging library"
        default NO_DEBUG_LIB
        help
          Using an additional debugging library will make BusyBox become
          considerable larger and will cause it to run more slowly. You
          should always leave this option disabled for production use.

          dmalloc support:
          ----------------
          This enables compiling with dmalloc ( http://dmalloc.com/ )
          which is an excellent public domain mem leak and malloc problem
          detector. To enable dmalloc, before running busybox you will
          want to properly set your environment, for example:
            export DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
          The 'debug=' value is generated using the following command
            dmalloc -p log-stats -p log-non-free -p log-bad-space \
               -p log-elapsed-time -p check-fence -p check-heap \
               -p check-lists -p check-blank -p check-funcs -p realloc-copy \
               -p allow-free-null

          Electric-fence support:
          -----------------------
          This enables compiling with Electric-fence support. Electric
          fence is another very useful malloc debugging library which uses
          your computer's virtual memory hardware to detect illegal memory
          accesses. This support will make BusyBox be considerable larger
          and run slower, so you should leave this option disabled unless
          you are hunting a hard to find memory problem.


config NO_DEBUG_LIB
        bool "None"

config DMALLOC
        bool "Dmalloc"

config EFENCE
        bool "Electric-fence"

endchoice

source libbb/Config.in

endmenu

comment "Applets"

source archival/Config.in
source coreutils/Config.in
source console-tools/Config.in
source debianutils/Config.in
source editors/Config.in
source findutils/Config.in
source init/Config.in
source loginutils/Config.in
source e2fsprogs/Config.in
source modutils/Config.in
source util-linux/Config.in
source miscutils/Config.in
source networking/Config.in
source printutils/Config.in
source mailutils/Config.in
source procps/Config.in
source runit/Config.in
source selinux/Config.in
source shell/Config.in
source sysklogd/Config.in