oweals/busybox.git
7 years agohush: add TODO for "set -e"
Denys Vlasenko [Mon, 10 Jul 2017 08:33:10 +0000 (10:33 +0200)]
hush: add TODO for "set -e"

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: simplify insert_job_into_table() a bit
Denys Vlasenko [Mon, 10 Jul 2017 08:01:12 +0000 (10:01 +0200)]
hush: simplify insert_job_into_table() a bit

function                                             old     new   delta
done_word                                            767     761      -6
insert_job_into_table                                325     264     -61
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 59/-126)           Total: -67 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: rename a few functions
Denys Vlasenko [Mon, 10 Jul 2017 08:00:28 +0000 (10:00 +0200)]
hush: rename a few functions

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agolibbb: do not die if setgid/setuid(real_id) on startup fails
Denys Vlasenko [Mon, 10 Jul 2017 07:17:43 +0000 (09:17 +0200)]
libbb: do not die if setgid/setuid(real_id) on startup fails

Based on a patch from Steven McDonald <steven@steven-mcdonald.id.au>:

This makes 'unshare --user' work correctly in the case where the user's
shell is provided by busybox itself.

'unshare --user' creates a new user namespace without any uid mappings.
As a result, /bin/busybox is setuid nobody:nogroup within the
namespace, as that is the only user. However, since no uids are mapped,
attempting to call setgid/setuid fails, even though this would do
nothing:

  $ unshare --user ./busybox.broken ash
  ash: setgid: Invalid argument

'unshare --map-root-user' still works, but because Linux only allows
uid/gid mappings to be set up once, creating a root mapping makes such
a namespace useless for creating multi-user containers.

With this patch, setgid and setuid will not be called in the case where
they would do nothing, which is always the case inside a new user
namespace because all uids are effectively mapped to nobody:

  $ id -u
  1000
  $ ls -lh busybox.fixed
  -rwsr-xr-x    1 root     root      826.2K May 21 00:33 busybox.fixed
  $ unshare --user ./busybox.fixed ash
  $ id -u
  65534

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshuf: fix random line selection. Closes 9971
Denys Vlasenko [Sat, 8 Jul 2017 22:39:15 +0000 (00:39 +0200)]
shuf: fix random line selection. Closes 9971

"""
For example, given input file:

    foo
    bar
    baz

after shuffling the input file, foo will never end up back on the first line.
This came to light when I ran into a use-case where someone was selecting
a random line from a file using shuf | head -n 1, and the results on busybox
were showing a statistical anomaly (as in, the first line would never ever
be picked) vs the same process running on environments that had gnu coreutils
installed.

On line https://git.busybox.net/busybox/tree/coreutils/shuf.c#n56 it uses
r %= i, which will result in 0 <= r < i, while the algorithm specifies
0 <= r <= i.
"""

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agocrond: code shrink
Denys Vlasenko [Sat, 8 Jul 2017 22:08:13 +0000 (00:08 +0200)]
crond: code shrink

function                                             old     new   delta
load_crontab                                         936     925     -11

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agocrond: move misplaced comment
Denys Vlasenko [Sat, 8 Jul 2017 22:00:39 +0000 (00:00 +0200)]
crond: move misplaced comment

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agocrond: support @daily etc
Denys Vlasenko [Sat, 8 Jul 2017 18:53:11 +0000 (20:53 +0200)]
crond: support @daily etc

function                                             old     new   delta
start_jobs                                             -     348    +348
load_crontab                                         766     936    +170
static.SpecAry                                         -      96     +96
crond_main                                          1424    1134    -290
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 1/1 up/down: 614/-290)          Total: 324 bytes

Based on patch by Jonathan Kolb <kolbyjack@gmail.com>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agowatchdog: do not use argc, other cleanups
Denys Vlasenko [Sat, 8 Jul 2017 16:53:49 +0000 (18:53 +0200)]
watchdog: do not use argc, other cleanups

function                                             old     new   delta
watchdog_main                                        298     291      -7

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agowatchdog: stop watchdog first on startup
Matt Spinler [Sat, 8 Jul 2017 16:35:25 +0000 (18:35 +0200)]
watchdog: stop watchdog first on startup

Some watchdog implementations may do things other than issue
a reboot on a watchdog timeout.  In this case, there's the
possibility of restarting this program from the state of
the watchdog device not being properly stopped (done by writing
a 'V' and closing the device).  Since it wasn't stopped, the
driver may not be able to restart the watchdog when this program
reopens it and starts pinging it.

To fix this, the code will always first issue the stop when it
starts up.

function                                             old     new   delta
shutdown_on_signal                                     -      32     +32
watchdog_main                                        268     298     +30
shutdown_watchdog                                      -      25     +25
watchdog_shutdown                                     41       -     -41
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 1/0 up/down: 87/-41)             Total: 46 bytes

Signed-off-by: Matt Spinler <spinler@us.ibm.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agobeep: disallow FEATURE_BEEP_FREQ = 0 in configuration
Denys Vlasenko [Sat, 8 Jul 2017 10:21:45 +0000 (12:21 +0200)]
beep: disallow FEATURE_BEEP_FREQ = 0 in configuration

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: explain why wait5.tests is failing
Denys Vlasenko [Fri, 7 Jul 2017 22:24:32 +0000 (00:24 +0200)]
hush: explain why wait5.tests is failing

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: fix "(sleep 1; exit 3) & sleep 2; echo $?; wait $!; echo $?"
Denys Vlasenko [Fri, 7 Jul 2017 20:56:02 +0000 (22:56 +0200)]
hush: fix "(sleep 1; exit 3) & sleep 2; echo $?; wait $!; echo $?"

function                                             old     new   delta
process_wait_result                                  414     426     +12
builtin_wait                                         283     291      +8
run_list                                             974     978      +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 24/0)               Total: 24 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: fix two redirection testcase failures
Denys Vlasenko [Fri, 7 Jul 2017 20:07:28 +0000 (22:07 +0200)]
hush: fix two redirection testcase failures

function                                             old     new   delta
save_fds_on_redirect                                 183     256     +73
fcntl_F_DUPFD                                          -      46     +46
restore_redirects                                     74      96     +22
xdup_and_close                                        51      72     +21
setup_redirects                                      196     200      +4
hush_main                                            988     983      -5
static.C                                              12       -     -12
run_pipe                                            1595    1551     -44
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 4/2 up/down: 166/-61)           Total: 105 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agomain: fix the case where user has "halt" as login shell. Closes 9986
Denys Vlasenko [Fri, 7 Jul 2017 17:08:56 +0000 (19:08 +0200)]
main: fix the case where user has "halt" as login shell. Closes 9986

halt::0:0::/:/sbin/halt

function                                             old     new   delta
run_applet_and_exit                                  748     751      +3
run_applet_no_and_exit                               467     459      -8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: remove dependency on libcap headers
Denys Vlasenko [Fri, 7 Jul 2017 15:59:40 +0000 (17:59 +0200)]
setpriv: remove dependency on libcap headers

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: factor out capability name printing
Denys Vlasenko [Fri, 7 Jul 2017 14:09:45 +0000 (16:09 +0200)]
setpriv: factor out capability name printing

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: code shrink, and grouping capability code together
Denys Vlasenko [Fri, 7 Jul 2017 14:00:07 +0000 (16:00 +0200)]
setpriv: code shrink, and grouping capability code together

function                                             old     new   delta
static.versions                                        -       3      +3
getcaps                                              174     149     -25

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: allow modifying ambient capabilities
Patrick Steinhardt [Fri, 7 Jul 2017 00:14:23 +0000 (02:14 +0200)]
setpriv: allow modifying ambient capabilities

With Linux 4.3, a new set of capabilities has been introduced with the
ambient capabilities. These aim to solve the problem that it was
impossible to grant run programs with elevated privileges across
non-root users. Quoting from capabilities(7):

    This is a set of capabilities that are preserved across an execve(2)
    of a program that is not privileged.  The ambient capability set
    obeys the invariant that no capability can ever be ambient if it is
    not both permitted and inheritable.

With this new set of capabilities it is now possible to run an
executable with elevated privileges as a different user, making it much
easier to do proper privilege separation.

Note though that the `--ambient-caps` switch is not part of any released
version of util-linux, yet. It has been applied in 0c92194ee (setpriv:
support modifying the set of ambient capabilities, 2017-06-24) and will
probably be part of v2.31.

function                                             old     new   delta
parse_cap                                              -     174    +174
setpriv_main                                        1246    1301     +55
.rodata                                           146307  146347     +40
static.setpriv_longopts                               40      55     +15
packed_usage                                       32092   32079     -13

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: allow modifying inheritable caps
Patrick Steinhardt [Thu, 6 Jul 2017 23:59:45 +0000 (01:59 +0200)]
setpriv: allow modifying inheritable caps

The main use case of setpriv is to modify the current state of
privileges available to the calling process and spawn a new executable
with the modified, new state. Next to the already supported case of
modifying the no-new-privs flag, util-linux also supports to modify
capability sets.

This commit introduces to add or drop capabilities from the set of
inheritable capabilities. Quoting from capabilities(7):

    This is a set of capabilities preserved across an execve(2).
    Inheritable capabilities remain inheritable when executing any
    program, and inheritable capabilities are added to the permitted set
    when executing a program that has the corresponding bits set in the
    file inheritable set.

As such, inheritable capabilities enable executing files with certain
privileges if the file itself has these privileges set. Note though that
inheritable capabilities are dropped across execve when running as a
non-root user.

function                                             old     new   delta
getcaps                                                -     237    +237
setpriv_main                                        1129    1246    +117
.rodata                                           146198  146307    +109
static.setpriv_longopts                               29      40     +11
packed_usage                                       32107   32092     -15

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: dump ambient capabilities
Patrick Steinhardt [Thu, 6 Jul 2017 21:02:33 +0000 (23:02 +0200)]
setpriv: dump ambient capabilities

As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.

function                                             old     new   delta
setpriv_main                                         982    1129    +147
.rodata                                           146148  146198     +50

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: dump capability bounding set
Patrick Steinhardt [Thu, 6 Jul 2017 20:59:23 +0000 (22:59 +0200)]
setpriv: dump capability bounding set

As with the previous commit, this one implements the ability to dump the
capability bounding set.

function                                             old     new   delta
setpriv_main                                         838     982    +144
.rodata                                           146101  146148     +47

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: dump inheritable capability set
Patrick Steinhardt [Thu, 6 Jul 2017 20:47:16 +0000 (22:47 +0200)]
setpriv: dump inheritable capability set

The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.

By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.

To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:

function                                             old     new   delta
.rodata                                           145969  146405    +436
setpriv_main                                         467     842    +375
capabilities                                           -     304    +304

And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:

function                                             old     new   delta
setpriv_main                                         467     838    +371
.rodata                                           145969  146101    +132

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: dump no-new-privs info
Patrick Steinhardt [Thu, 6 Jul 2017 13:21:43 +0000 (15:21 +0200)]
setpriv: dump no-new-privs info

Introduce the ability to dump the state of the no-new-privs flag, which
states whethere it is allowed to grant new privileges.

function                                             old     new   delta
setpriv_main                                         419     467     +48
.rodata                                           145926  145969     +43

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshell: sync redir/* tests
Denys Vlasenko [Thu, 6 Jul 2017 19:01:50 +0000 (21:01 +0200)]
shell: sync redir/* tests

Note: hush-redir/redir_to_bad_fd.tests currently fails

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: rename redir5.tests (hush has redir5.tests which is different)
Denys Vlasenko [Thu, 6 Jul 2017 19:00:19 +0000 (21:00 +0200)]
ash: rename redir5.tests (hush has redir5.tests which is different)

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: add a TODO about redir3.tests failure
Denys Vlasenko [Thu, 6 Jul 2017 18:57:37 +0000 (20:57 +0200)]
hush: add a TODO about redir3.tests failure

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: rename hush-redir/redir3.tests (ash has redir3.tests which id different)
Denys Vlasenko [Thu, 6 Jul 2017 18:36:40 +0000 (20:36 +0200)]
hush: rename hush-redir/redir3.tests (ash has redir3.tests which id different)

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: Print error messages on shift -1
Denys Vlasenko [Thu, 6 Jul 2017 18:12:44 +0000 (20:12 +0200)]
hush: Print error messages on shift -1

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotypo fix
Denys Vlasenko [Thu, 6 Jul 2017 17:50:42 +0000 (19:50 +0200)]
typo fix

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: implement negative start in the ${v: -n[:m]} idiom
Denys Vlasenko [Thu, 6 Jul 2017 17:48:20 +0000 (19:48 +0200)]
hush: implement negative start in the ${v: -n[:m]} idiom

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: "adopt" ash var-utf8-length.tests
Denys Vlasenko [Thu, 6 Jul 2017 17:29:23 +0000 (19:29 +0200)]
hush: "adopt" ash var-utf8-length.tests

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: "adopt" ash signal4.tests
Denys Vlasenko [Thu, 6 Jul 2017 16:40:45 +0000 (18:40 +0200)]
hush: "adopt" ash signal4.tests

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshell: remove duplicate sigint1.tests (another copies are in signals/)
Denys Vlasenko [Thu, 6 Jul 2017 16:37:30 +0000 (18:37 +0200)]
shell: remove duplicate sigint1.tests (another copies are in signals/)

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: add tickquote1.tests from ash testsuite
Denys Vlasenko [Thu, 6 Jul 2017 16:31:47 +0000 (18:31 +0200)]
hush: add tickquote1.tests from ash testsuite

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshell: syncronize ash and hush heredoc3.tests
Denys Vlasenko [Thu, 6 Jul 2017 16:19:35 +0000 (18:19 +0200)]
shell: syncronize ash and hush heredoc3.tests

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshell: syncronize ash and hush heredoc1.tests
Denys Vlasenko [Thu, 6 Jul 2017 16:16:18 +0000 (18:16 +0200)]
shell: syncronize ash and hush heredoc1.tests

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoshell: syncronize ash_test/run-all and hush_test/run-all a bit
Denys Vlasenko [Thu, 6 Jul 2017 15:59:25 +0000 (17:59 +0200)]
shell: syncronize ash_test/run-all and hush_test/run-all a bit

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agomakedevs: code shrink
Denys Vlasenko [Thu, 6 Jul 2017 00:17:24 +0000 (02:17 +0200)]
makedevs: code shrink

function                                             old     new   delta
makedevs_main                                       1071    1052     -19

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agomakedevs: allow much longer filenames
Denys Vlasenko [Thu, 6 Jul 2017 00:04:32 +0000 (02:04 +0200)]
makedevs: allow much longer filenames

function                                             old     new   delta
makedevs_main                                       1056    1071     +15

Patch by Kang-Che Sung <explorer09@gmail.com>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: correctly handle quoting in "case" even if !BASH_PATTERN_SUBST
Denys Vlasenko [Wed, 5 Jul 2017 23:52:23 +0000 (01:52 +0200)]
hush: correctly handle quoting in "case" even if !BASH_PATTERN_SUBST

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agodpkg: fix CONFIG_FEATURE_CLEAN_UP handling
Peter Korsgaard [Wed, 5 Jul 2017 09:53:58 +0000 (11:53 +0200)]
dpkg: fix CONFIG_FEATURE_CLEAN_UP handling

dpkg moved to away from dynamically allocating the hashtables in commit
c87339d584 (dpkg: trivial code shrinkage, and redo G trick correctly) almost
ten years ago, but the cleanup code was never adjusted to match.

Glibc loudly complains about this:

*** Error in `dpkg': free(): invalid pointer: 0x0000007fac3478c0 ***

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agohush: fix quoted_punct.tests failure
Denys Vlasenko [Wed, 5 Jul 2017 21:12:15 +0000 (23:12 +0200)]
hush: fix quoted_punct.tests failure

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix escaping of a few characters (broken by last commits)
Denys Vlasenko [Wed, 5 Jul 2017 20:19:28 +0000 (22:19 +0200)]
ash: fix escaping of a few characters (broken by last commits)

Add a testcase which tests all ASCII punctuation escapes.
NB: hush is failing this test!

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: tweak in comment
Denys Vlasenko [Wed, 5 Jul 2017 17:20:43 +0000 (19:20 +0200)]
ash: tweak in comment

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: note which versions of glibc exhibit "rho bug"
Denys Vlasenko [Wed, 5 Jul 2017 17:13:44 +0000 (19:13 +0200)]
ash: note which versions of glibc exhibit "rho bug"

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix matching of unicode greek letter rho (cf 81) and similar cases
Denys Vlasenko [Wed, 5 Jul 2017 17:10:21 +0000 (19:10 +0200)]
ash: fix matching of unicode greek letter rho (cf 81) and similar cases

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: dump user and group info
Denys Vlasenko [Tue, 4 Jul 2017 16:49:24 +0000 (18:49 +0200)]
setpriv: dump user and group info

setpriv from util-linux has an option to dump the current state
regarding privilege settings via '--dump'. It prints out information on
the real and effective user and group IDs, supplementary groups, the
no-new-privs flag, the capability sets as well as secure bits.

This patch is the start of supporting this mode. To make introduction of
the '--dump' easier to reason about, its introduction has been split
into multiple patches. This particular one introduces the ability to
print out user and group information of the current process.

function                                             old     new   delta
setpriv_main                                          89     322    +233
getresuid                                              -      41     +41
getresgid                                              -      41     +41
static.setpriv_longopts                               22      29      +7
packed_usage                                       31675   31669      -6
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6)            Total: 316 bytes

Patch by Patrick Steinhardt <ps@pks.im>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agolibbb: new function bb_getgroups() - allocating wrapper around getgroups()
Denys Vlasenko [Tue, 4 Jul 2017 16:49:24 +0000 (18:49 +0200)]
libbb: new function bb_getgroups() - allocating wrapper around getgroups()

function                                             old     new   delta
bb_getgroups                                           -     111    +111
nexpr                                                843     757     -86
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/1 up/down: 111/-86)            Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: prepare option parsing logic for additional opts
Patrick Steinhardt [Sun, 2 Jul 2017 13:42:51 +0000 (15:42 +0200)]
setpriv: prepare option parsing logic for additional opts

The current option parsing logic of setpriv only supports the case where
we want to execute a sub-program and have at most one argument. Refactor
handling of options to solve these shortcomings to make it easy to
support 'setpriv --dump', which does not accept any additional
arguments, as well as the case where additional options are passed to
setpriv. This is done by handling 'argc' ourselves, throwing an error
when no program is specified, as well as introducing an enum for the
different option bitmasks.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: do not process remaining args
Patrick Steinhardt [Sun, 2 Jul 2017 13:42:50 +0000 (15:42 +0200)]
setpriv: do not process remaining args

By default, the 'getopt32' call will continue parsing the command line
even after hitting a non-option string. But in setpriv, this should be
avoided, as all parameters following the initial non-option argument are
in fact arguments to the binary that is to be executed by setpriv.
Otherwise, calling e.g. 'busybox setpriv ls -l' would result in an error
due to the unknown parameter "-l".

Fix the issue by passing "+" as the first character in the options
string. This will cause 'getopt32' to stop processing after hitting the
first non-option.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotls: use capped SNI len everywhere
Denys Vlasenko [Tue, 4 Jul 2017 14:52:45 +0000 (16:52 +0200)]
tls: use capped SNI len everywhere

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agobzcat: compile bunzip2_main() if BZCAT.
Denys Vlasenko [Tue, 4 Jul 2017 14:23:36 +0000 (16:23 +0200)]
bzcat: compile bunzip2_main() if BZCAT.

Currently, BZCAT (and BUNZIP2) selects FEATURE_BZIP2_DECOMPRESS,
thus, "#if ENABLE_FEATURE_BZIP2_DECOMPRESS" around bunzip2_main()
is sufficient. But let's robustify it.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoChange BB_EXTRA_VERSION: now it needs to contain any spaces/parenthesis
Denys Vlasenko [Tue, 4 Jul 2017 14:01:12 +0000 (16:01 +0200)]
Change BB_EXTRA_VERSION: now it needs to contain any spaces/parenthesis

Before this change, BB_EXTRA_VERSION of "" resulted in:

"BusyBox v1.28.0.git () multi-call binary"

message, after the fix it is:

"BusyBox v1.28.0.git multi-call binary"

While at it, eliminate BB_BT and BANNER single-use macros.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofixes for bugs found by make_single_applets.sh
Denys Vlasenko [Mon, 3 Jul 2017 19:31:16 +0000 (21:31 +0200)]
fixes for bugs found by make_single_applets.sh

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agomsh: delete this applet
Denys Vlasenko [Mon, 3 Jul 2017 14:56:37 +0000 (16:56 +0200)]
msh: delete this applet

It's deprecated since 2009 and interferes with make_single_applets.sh tests.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoStart 1.28.0 development cycle
Denys Vlasenko [Mon, 3 Jul 2017 11:41:18 +0000 (13:41 +0200)]
Start 1.28.0 development cycle

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoBump version to 1.27.0 1_27_0
Denys Vlasenko [Mon, 3 Jul 2017 11:40:46 +0000 (13:40 +0200)]
Bump version to 1.27.0

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoscripts/randomtest: update things which can't be tested on uclibc
Denys Vlasenko [Mon, 3 Jul 2017 00:33:08 +0000 (02:33 +0200)]
scripts/randomtest: update things which can't be tested on uclibc

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agorandomconfig fixes
Denys Vlasenko [Sun, 2 Jul 2017 23:22:13 +0000 (01:22 +0200)]
randomconfig fixes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix $HOME/.profile reading if !ASH_EXPAND_PRMT, take 2
Denys Vlasenko [Sat, 1 Jul 2017 21:24:48 +0000 (23:24 +0200)]
ash: fix $HOME/.profile reading if !ASH_EXPAND_PRMT, take 2

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix 'trap - 65'
Denys Vlasenko [Sat, 1 Jul 2017 19:09:27 +0000 (21:09 +0200)]
ash: fix 'trap - 65'

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoudhcpc6: make -O OPT work
Denys Vlasenko [Wed, 28 Jun 2017 17:18:17 +0000 (19:18 +0200)]
udhcpc6: make -O OPT work

Patch is based on work by tiggerswelt.net.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agomodutils: delete unused replace_underscores()
Denys Vlasenko [Wed, 28 Jun 2017 17:10:29 +0000 (19:10 +0200)]
modutils: delete unused replace_underscores()

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoudhcpc6: add comments about option 39, no code changes
Denys Vlasenko [Tue, 27 Jun 2017 16:31:08 +0000 (18:31 +0200)]
udhcpc6: add comments about option 39, no code changes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix $HOME/.profile reading if !ASH_EXPAND_PRMT
Denys Vlasenko [Tue, 27 Jun 2017 15:51:07 +0000 (17:51 +0200)]
ash: fix $HOME/.profile reading if !ASH_EXPAND_PRMT

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agopgrep: implement -a
Denys Vlasenko [Mon, 26 Jun 2017 19:10:47 +0000 (21:10 +0200)]
pgrep: implement -a

function                                             old     new   delta
pgrep_main                                           640     726     +86

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoudhcpc6: add support for timezones
Denys Vlasenko [Mon, 26 Jun 2017 17:42:48 +0000 (19:42 +0200)]
udhcpc6: add support for timezones

Basedon patch by Bernd Holzmüller <bernd.holzmueller@tiggerswelt.net>

function                                             old     new   delta
option_to_env                                        504     580     +76

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agopgrep: fix pgrep -flx "sleep 11" - saw "sleep 11" processes as "sleep 11 "
Denys Vlasenko [Mon, 26 Jun 2017 12:41:53 +0000 (14:41 +0200)]
pgrep: fix pgrep -flx "sleep 11" - saw "sleep 11" processes as "sleep 11 "

function                                             old     new   delta
pgrep_main                                           584     597     +13

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoarchival: add option -k "keep" to gzip/bzip2/lzop, add -U "nokeep" to lzop
Denys Vlasenko [Thu, 15 Jun 2017 16:07:04 +0000 (18:07 +0200)]
archival: add option -k "keep" to gzip/bzip2/lzop, add -U "nokeep" to lzop

function                                             old     new   delta
bbunpack                                             745     779     +34
lzop_main                                             93     121     +28
do_lzo_compress                                      320     328      +8
packed_usage                                       31685   31653     -32
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/1 up/down: 70/-32)             Total: 38 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofix "ifdef ENABLE_foo": should always be "#if ENABLE_foo"
Denys Vlasenko [Thu, 15 Jun 2017 15:11:59 +0000 (17:11 +0200)]
fix "ifdef ENABLE_foo": should always be "#if ENABLE_foo"

function                                             old     new   delta
pack_gzip                                           1729    1789     +60
fill_window                                          220     216      -4
static.gzip_level_config                              24       -     -24
gzip_main                                            275     192     -83
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/2 up/down: 60/-111)           Total: -51 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agounshare: fix help text; select LONG_OPTS instead depending on them
Denys Vlasenko [Wed, 14 Jun 2017 14:20:02 +0000 (16:20 +0200)]
unshare: fix help text; select LONG_OPTS instead depending on them

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosetpriv: new applet
Assaf Gordon [Wed, 14 Jun 2017 09:46:52 +0000 (11:46 +0200)]
setpriv: new applet

Add a minimal 'setpriv' implementation supporting the NO_NEW_PRIVS bit.
Typical usage:

    $ busybox setpriv sudo uname
    Linux
    $ busybox setpriv --nnp sudo uname
    sudo: effective uid is not 0, is /usr/bin/sudo on a file system with
    the 'nosuid' option set or an NFS file system without root privileges?

function                                             old     new   delta
packed_usage                                       31580   31685    +105
setpriv_main                                           -      87     +87
prctl                                                  -      53     +53
static.setpriv_longopts                                -      22     +22
applet_names                                        2620    2628      +8
applet_main                                         1516    1520      +4
------------------------------------------------------------------------------
(add/remove: 5/0 grow/shrink: 3/0 up/down: 279/0)             Total: 279 bytes

Signed-off-by: Assaf Gordon <assafgordon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoiproute: support for filtering by and printing of scope
André Draszik [Tue, 13 Jun 2017 17:59:59 +0000 (19:59 +0200)]
iproute: support for filtering by and printing of scope

This patch adds filtering by and printing of 'scope' to the
ip route command, taken from the upstream ip command.

x86_64:
function                                             old     new   delta
iproute_list_or_flush                               1548    1674    +126
print_route                                         2394    2469     +75
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 201/0)             Total: 201 bytes

mipsel:
iproute_list_or_flush                               1952    2096    +144
print_route                                         2580    2696    +116
------------------------------------------------------------------------------
(add/remove: 3/0 grow/shrink: 2/0 up/down: 260/0)             Total: 260 bytes

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotar: add IF_FEATURE_* checks
Ming Liu [Fri, 2 Jun 2017 08:47:23 +0000 (10:47 +0200)]
tar: add IF_FEATURE_* checks

A following linking error was observed:
| ==========
| archival/lib.a(tar.o): In function `tar_main':
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined
| ld: final link failed: Bad value

this happened with clang compiler, with the following configs:
| CONFIG_TAR=y
| # CONFIG_FEATURE_SEAMLESS_Z is not set

which can be fixed by adding IF_FEATURE_* checks in.

Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoip rule: add suppress_{prefixlength,ifgroup} options
Stefan Tomanek [Tue, 13 Jun 2017 17:06:09 +0000 (19:06 +0200)]
ip rule: add suppress_{prefixlength,ifgroup} options

function                                             old     new   delta
iprule_modify                                        816     887     +71
print_rule                                           610     680     +70
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 141/0)             Total: 141 bytes

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash: fix incorrect path in describe_command
Youfu Zhang [Fri, 26 May 2017 07:31:29 +0000 (15:31 +0800)]
ash: fix incorrect path in describe_command

$ PATH=/extra/path:/usr/sbin:/usr/bin:/sbin:/bin \
> busybox sh -xc 'command -V ls; command -V ls; command -Vp ls; command -vp ls'
+ command -V ls
ls is /bin/ls
+ command -V ls
ls is a tracked alias for /bin/ls
+ command -Vp ls
ls is a tracked alias for (null)
+ command -vp ls
Segmentation fault

describe_command should respect `path' argument. Looking up in the hash table
may gives incorrect index in entry.u.index and finally causes incorrect output
or SIGSEGV.

function                                             old     new   delta
describe_command                                     386     313     -73

Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agols: fix support for long options when FEATURE_LS_COLOR is deselected
Laurent Bercot [Fri, 26 May 2017 14:50:53 +0000 (16:50 +0200)]
ls: fix support for long options when FEATURE_LS_COLOR is deselected

Declaration of ls_longopts and initialization of applet_long_options
were incorrectly guarded with ENABLE_FEATURE_LS_COLOR; that yielded a
"ls: NO_OPT: \xff" error message when long options were selected and
color support was not. This patch ensures long options are
initialized separately from color support.

Signed-off-by: Laurent Bercot <ska-dietlibc@skarnet.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoadd/remove-shell: copy /etc/shells mode to new file
Denys Vlasenko [Fri, 26 May 2017 14:45:28 +0000 (16:45 +0200)]
add/remove-shell: copy /etc/shells mode to new file

function                                             old     new   delta
add_remove_shell_main                                259     300     +41

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoash,hush: fix SIGCHLD interrupting read builtin
Denys Vlasenko [Mon, 22 May 2017 17:34:45 +0000 (19:34 +0200)]
ash,hush: fix SIGCHLD interrupting read builtin

function                                             old     new   delta
readcmd                                              169     217     +48
shell_builtin_read                                  1087    1097     +10
localcmd                                             366     364      -2
builtin_read                                         197     193      -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/2 up/down: 58/-6)              Total: 52 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosv: update to match version 2.1.2 of runit
James Byrne [Mon, 15 May 2017 19:39:51 +0000 (21:39 +0200)]
sv: update to match version 2.1.2 of runit

Backport from upstream versions:
2.1.2
Sun, 10 Aug 2014 18:01:54 +0000
  * sv.c: properly format status command's output on failure cases.
  * sv.c: support optional LSB init script actions reload and
    try-restart.
  * sv.c: fix typo that may lead to wrong output from sv when reporting
    status of multiple service directories.

2.1.1
Sun, 04 Oct 2009 20:28:38 +0000
  * sv.c: on 'down', send runsv the 'down' command properly if not yet
    done (e.g. when taken up with 'once').

    [Remove previous workaround added to BusyBox version].

1.9.0
Mon, 05 May 2008 22:00:13 +0000
  * sv.c: service name is also relative to the current directory if it
    ends with a slash.

1.8.0
Fri, 21 Sep 2007 00:33:56 +0000
  * sv.c: fix race on check for down if pid is 0 and state is run or
    finish.

1.7.1
Sat, 04 Nov 2006 19:23:29 +0000
  * sv.c: properly wait for a service to be restarted on 'restart';
    support checks through -v for pause, cont, kill.

function                                             old     new   delta
sv                                                  1184    1280     +96
control                                              132     180     +48
status                                               118     139     +21
out                                                   64      85     +21
svstatus_print                                       334     344     +10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 5/0 up/down: 196/0)             Total: 196 bytes

Signed-off-by: James Byrne <james.byrne at origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agorunsv: update to match version 2.1.2 of runit
Denys Vlasenko [Mon, 15 May 2017 17:44:48 +0000 (19:44 +0200)]
runsv: update to match version 2.1.2 of runit

Backport from upstream versions:
2.1.0
Thu, 24 Sep 2009 22:49:33 +0000
  * runsv.c: exit with error if [log/]supervise/control exists, but is
    not a fifo.
    [Code abstracted into a separate function to make it more compact
    for BusyBox.]

1.9.0
Mon, 05 May 2008 22:00:13 +0000
  * runsv.c: create temporary new status files for log/supervise/
    actually in log/supervise/.

1.7.2
Tue, 21 Nov 2006 15:13:47 +0000
  * runsv.c: really don't act on commands in state finish; minor.

function                                             old     new   delta
open_control                                           -     135    +135
update_status                                        553     612     +59
custom                                               223     242     +19
ctrl                                                 426     422      -4
warn_cannot                                           21      10     -11
runsv_main                                          1786    1662    -124
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/3 up/down: 213/-139)           Total: 74 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosvlogd.c: support -ttt (dateTtime instead of date_time)
Denys Vlasenko [Mon, 15 May 2017 17:12:09 +0000 (19:12 +0200)]
svlogd.c: support -ttt (dateTtime instead of date_time)

Backport from upstream version:
1.7.0
Sat, 07 Oct 2006 18:24:17 +0000
  * svlogd.c: new option -ttt: prefix log messages with sortable UTC
    timestamp YYYY-MM-DDTHH:MM:SS.xxxxx.

function                                             old     new   delta
svlogd_main                                         1429    1454     +25
packed_usage                                       31575   31580      +5

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoudhcpc: do not accept --background on NOMMU (same as -b)
Denys Vlasenko [Mon, 8 May 2017 13:11:02 +0000 (15:11 +0200)]
udhcpc: do not accept --background on NOMMU (same as -b)

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoudhcpc: fix "udhcpc -x hostname:<name> not working on nommu"
Denys Vlasenko [Mon, 8 May 2017 13:02:07 +0000 (15:02 +0200)]
udhcpc: fix "udhcpc -x hostname:<name> not working on nommu"

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agodiff: fix -N and nonexistent files. Closes 7454
Denys Vlasenko [Fri, 5 May 2017 16:39:22 +0000 (18:39 +0200)]
diff: fix -N and nonexistent files. Closes 7454

function                                             old     new   delta
diffreg                                             1253    1310     +57
diff_main                                           1329    1355     +26
create_J                                            1819    1821      +2
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 85/0)               Total: 85 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agovi: survive if stdin is nonblocking. closes 9851
Denys Vlasenko [Tue, 2 May 2017 18:39:02 +0000 (20:39 +0200)]
vi: survive if stdin is nonblocking. closes 9851

function                                             old     new   delta
readit                                                55      69     +14

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotime: inplement -f FMT
Denys Vlasenko [Fri, 28 Apr 2017 16:01:18 +0000 (18:01 +0200)]
time: inplement -f FMT

function                                             old     new   delta
time_main                                           1076    1134     +58
packed_usage                                       31577   31572      -5

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotime: implement -a, -o FILE
Tommi Rantala [Fri, 28 Apr 2017 15:54:14 +0000 (17:54 +0200)]
time: implement -a, -o FILE

function                                             old     new   delta
time_main                                           1052    1076     +24
packed_usage                                       31571   31577      +6

Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agotime: document -p in usage
Tommi Rantala [Mon, 24 Apr 2017 16:08:53 +0000 (19:08 +0300)]
time: document -p in usage

Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agolsscsi: new applet
Markus Gothe [Tue, 18 Apr 2017 17:25:49 +0000 (19:25 +0200)]
lsscsi: new applet

function                                             old     new   delta
lsscsi_main                                            -     326    +326
applet_names                                        2613    2620      +7
applet_main                                         1512    1516      +4
applet_install_loc                                   189     190      +1
packed_usage                                       31566   31560      -6
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 3/1 up/down: 338/-6)            Total: 332 bytes

Signed-off-by: Markus Gothe <nietzsche@lysator.liu.se>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agoSpelling fixes in comments, documentation, tests and examples
Denys Vlasenko [Mon, 17 Apr 2017 14:13:32 +0000 (16:13 +0200)]
Spelling fixes in comments, documentation, tests and examples

By klemens <ka7@github.com>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofactor: fix stray semicolon
Denys Vlasenko [Mon, 17 Apr 2017 13:57:07 +0000 (15:57 +0200)]
factor: fix stray semicolon

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofactor: support "no-argvs" usage
Denys Vlasenko [Fri, 14 Apr 2017 12:23:49 +0000 (14:23 +0200)]
factor: support "no-argvs" usage

function                                             old     new   delta
factorize_numstr                                       -      72     +72
packed_usage                                       31562   31566      +4
factor_main                                          109     101      -8
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/1 up/down: 76/-8)              Total: 68 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agolibbb: fix "error: redefinition of 'is_tty_secure'"
Denys Vlasenko [Thu, 13 Apr 2017 15:55:05 +0000 (17:55 +0200)]
libbb: fix "error: redefinition of 'is_tty_secure'"

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofactor: improve comments for sieving logic... also fix a typo
Denys Vlasenko [Thu, 13 Apr 2017 11:38:16 +0000 (13:38 +0200)]
factor: improve comments for sieving logic... also fix a typo

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofix "loginutils/Config.in:319 error: Overlong line"
Denys Vlasenko [Thu, 13 Apr 2017 11:37:05 +0000 (13:37 +0200)]
fix "loginutils/Config.in:319 error: Overlong line"

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agofactor: improve comments for sieving logic
Denys Vlasenko [Thu, 13 Apr 2017 11:34:40 +0000 (13:34 +0200)]
factor: improve comments for sieving logic

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agolibbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD
Denys Vlasenko [Thu, 13 Apr 2017 11:04:05 +0000 (13:04 +0200)]
libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7 years agosu: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
Denys Vlasenko [Thu, 13 Apr 2017 10:57:04 +0000 (12:57 +0200)]
su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY

When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.

Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>