Tiny Core Linux

Tiny Core Base => TCB Talk => Topic started by: Roberto A. Foglietta on August 10, 2021, 05:13:16 PM

Title: Suggestion for core modification
Post by: Roberto A. Foglietta on August 10, 2021, 05:13:16 PM
Hi all,

 I suggest the following modification to the core:


Thank you,
-R
Title: Re: Suggestion for core modification
Post by: curaga on August 10, 2021, 11:12:52 PM
Sorry, neither change is useful for the base. No base script embeds binary data, and they work with the busybox fdisk options.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 11, 2021, 08:50:23 AM
Dear Curaga,

 your user base might be larger than you think: there are also those who are interested in using TC for embedded systems, for example.
 I assume that they are a small fraction of users, but for sure they could contribute more than the average desktop user.

 I suggest to use this patch for busybox nosuid config, it adds only 4Kb in size

original version:

   600600 bytes (601 kB, 587 KiB)

suggested version:

   604696 bytes (605 kB, 591 KiB)

Thank you,
-R
Title: Re: Suggestion for core modification
Post by: curaga on August 11, 2021, 09:32:14 AM
I understand your concern, however keeping TC small is one of its main points. One man's feature is another's bloat.

CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y looks fine, but not sure about the others. In particular linking bash to ash is just going to break users' scripts.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 11, 2021, 09:51:39 AM
Dear Curaga,

 4kb is very small bloat but I see your point: 4kb today, 4kb tomorrow, etc. However, it remains a small size to add.
 The base64 is included in a 2MB tce and it is the only reasonable way to embed binary data into scripts / text.

 Other features increase compatibility also for desktop users, and this is a good thing.

 About linking bash to ash: at the moment, if bash is not installed, the scripts based on bash will simply fail.
 Obviously, it might be better that they fail immediately than seem to work. I can understand the point.
 
 Do whatever you think sane, please.
 Thank you,
-R
 
Title: Re: Suggestion for core modification
Post by: Rich on August 11, 2021, 10:39:47 AM
Hi Roberto A. Foglietta
Quote:
... The base64 is included in a 2MB tce and it is the only reasonable way to embed binary data into scripts / text. ...
True, but you can separate base64 into its own extension. Base64 is 30k and compresses down to 16k in an extension:
Code:
tc@E310:~/sq$ ls -l base64/usr/local/bin/base64
-rwxr-xr-x 1 tc staff 30316 Aug 11 13:26 base64/usr/local/bin/base64
tc@E310:~/sq$ ls -l
total 20
drwxr-sr-x 3 tc staff  4096 Aug 11 13:29 base64/
-rw-r--r-- 1 tc staff 16384 Aug 11 13:30 base64.tcz
tc@E310:~/sq$
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 11, 2021, 03:55:27 PM
Hi Rich, is there an easy way to create a tcz inside TC? Thank you, R.

EDIT: using mksquashfs with tce-load -wi squashfs-tools.tcz

EDIT2: however, the last version of TinyCore Editor (suite) [1] allows me to quickly modify the source code and the config of the busybox, including adding patches, and deploy the last version. Moreover, it lets me include the compiled busybox into the rootfs.gz/core.gz with a single command.

NOTE: if you want to add "Provide compatible behavior for rare corner cases", which is useful for desktop, then base64 and nproc do not add extra size but stay within that 4KB. A free run, with a useful extension.

[1] https://github.com/robang74/tinycore-editor
Title: Re: Suggestion for core modification
Post by: Rich on August 11, 2021, 06:18:15 PM
Hi Roberto A. Foglietta
Quote:
Hi Rich, is there an easy way to create a tcz inside TC? ...
Yes there is.

First create a work directory containing the subdirectories you need, for example:
Code:
mkdir -p package/usr/local/bin
Code:
mkdir -p package/usr/local/share/applications
Code:
mkdir -p package/usr/local/share/pixmaps
Populate those directories with the files you need. Then pack it up:
Code:
mksquashfs package MyExtension.tcz
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 11, 2021, 11:56:13 PM
Why not use the following options in busybox? They can replace the busybox.suid approach.

(yes) Drop SUID state for most applets
(yes) Enable SUID configuration via /etc/busybox.conf (NEW)
(no) Suppress warning message if /etc/busybox.conf is not readable (NEW)

Used in combination with this /etc/busybox.conf [1] and obviously with the suided busybox, it will reduce size and simplify things: just one compilation and one binary instead of two.

original version:

   600600 bytes (601 kB, 587 KiB) nosuid
   75720 bytes (76 kB, 74 KiB) suid

suggested version:

   604696 bytes (605 kB, 591 KiB) nosuid
   75720 bytes (76 kB, 74 KiB) suid

suggested version but single file

   637464 bytes (637 kB, 623 KiB) single

In attachment the configuration file for a single file busybox.

As you can see, my original version is 40kb larger than yours (540kB) because I use -O2 for compilation.

I wish to receive a suggestion to use -Os because I tried to add to CFLAGS but it is ignored.

[1] http://lists.busybox.net/pipermail/busybox/2004-May/045643.html
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 12:02:56 AM
This is /etc/busybox.conf for the change suggested above
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 01:17:29 AM
If you adopt the single busybox file solution like I did in my suite, then

     etc/init.d/busybox-aliases
     etc/init.d/tc-config

should be purged by busybox.suid

Probably the etc/init.d/busybox-aliases becomes useless and might be removed.

Moreover with this you will save 14kB

roberto@vm-ubuntu18:~/tinycore-editor/tinycore$ advdef -z3 modules.gz
     8106613     8092402  99% modules.gz
     8106613     8092402  99%
roberto@vm-ubuntu18:~/tinycore-editor/tinycore$ echo $[8106613-8092402]
14211
Title: Re: Suggestion for core modification
Post by: Rich on August 12, 2021, 05:08:13 AM
Hi Roberto A. Foglietta
Quote:
... I wish to receive a suggestion to use -Os because I tried to add to CFLAGS but it is ignored. ...
Look at the compile notes:
http://tinycorelinux.net/12.x/x86/release/src/busybox/compile_busybox
It uses CC and CXX instead of CFLAGS and CXXFLAGS.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 06:02:21 AM
@curaga, @rich

Letting busybox link /bin/bash to ash breaks the bash.tcz; it should not be allowed.

In attachment the new proposed configuration for a single file busybox.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 06:40:34 AM
@Rich
I did it before and it did not work either with CC and CXX.
I did it again, and it does not work. Both 1.33.0 and 1.331.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 07:18:47 AM
@Rich
I did it before and it did not work either with CC and CXX.
I did it again, and it does not work. Both 1.33.0 and 1.331.

I compile under Ubuntu, probably this is the main reason of the size difference: linking libraries.
Changing the compiling options, I reach 1.1 MiB of size.
So I think 624 KiB is the minimum on Ubuntu.
Title: Re: Suggestion for core modification
Post by: Rich on August 12, 2021, 07:36:48 AM
Hi Roberto A. Foglietta
Quote:
I did it before and it did not work either with CC and CXX. ...
I did a little poking around in the tarball.

Try this:
Code:
make menuconfig
Hit Enter on the Settings menu entry.
Scroll down to Additional CFLAGS and hit Enter.
Type in the additional flags you want and hit Enter.

Proceed with your normal build and see if it took the extra flags.
Title: Re: Suggestion for core modification
Post by: curaga on August 12, 2021, 08:44:08 AM
The SUID separation is a security matter. If an adversary manages to write to that conf file, or the conf file logic is buggy -> havoc.

It also avoids some bug, which I do not remember the details of. You will have to search the forum if you want to know more about that.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 12, 2021, 08:53:58 AM
@curaga

Security? We are speaking about a system that by default allows sudo -s without password!  ;)

About bugs, I did not find anything searching in the forum with "SUID separation" or "busybox.conf"

Possibly, it might be the right time to rethink about it?
Title: Re: Suggestion for core modification
Post by: curaga on August 12, 2021, 10:37:50 PM
You are correct that we have sudo, but having sudo as a known decision does not mean other things need to be left open.

No, the bug was serious, breaking many scripts.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 13, 2021, 05:58:17 AM
Quote:
No, the bug was serious, breaking many scripts.

The TinyCore Editor produces a single file busybox, I will test it. You might give it a try, also.
Title: Re: Suggestion for core modification
Post by: Rich on August 13, 2021, 11:55:18 AM
Hi Roberto A. Foglietta
Quote:
... I wish to receive a suggestion to use -Os because I tried to add to CFLAGS but it is ignored. ...
Did you try adding -Os using the method I described here:
http://forum.tinycorelinux.net/index.php/topic,25191.msg160770.html#msg160770
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 13, 2021, 03:27:46 PM
Quote:
Hi Roberto A. Foglietta
... I wish to receive a suggestion to use -Os because I tried to add to CFLAGS but it is ignored. ...
Did you try adding -Os using the method I described here:
http://forum.tinycorelinux.net/index.php/topic,25191.msg160770.html#msg160770

Yes but I did not manage to get below 624 kb with my configuration (which is busybox + busybox.suid together)

http://forum.tinycorelinux.net/index.php/topic,25191.msg160768.html#msg160768

The possible explanation and results are reported in the post above.

What do you think about my patches: trap ERR + global $LINENO?
Title: Re: Suggestion for core modification
Post by: Rich on August 14, 2021, 08:26:23 AM
Hi Roberto A. Foglietta
Quote:
... What do you think about my patches: trap ERR + global $LINENO?
At 14000+ lines in ash.c, that's a lot to take in. I don't fully understand everything that's going on in ash.c, so I'm
not in much of a position to comment on your patches. I did notice you were fighting some recursion issues, which
tends to make life more interesting. ::)
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 14, 2021, 08:38:10 AM
Quote:
I did notice you were fighting some recursion issues, which tends to make life more interesting. ::)

trap "function_that_can_fail" ERR

As you can see, if the function called by the trap fails, the trap starts again. So recursion is not allowed.
What about trap in trap? It might happen: if the exit handler fails or the error handler exits, the other trap starts.
Quite interesting job...

I have developed 5 patches that let me use the same syntax both in bash and in ash to manage the errors.
No dirty tricks anymore! :-)

I hope you will apply. Obviously, I submitted to busybox m-list, also.
Title: Re: Suggestion for core modification
Post by: Rich on August 14, 2021, 08:49:02 AM
Hi Roberto A. Foglietta
Quote:
... I did not manage to get below 624 kb with my configuration ...
There may be a couple of other ways to reduce size:
1. Use sstrip instead of strip.
2. Set Additional LDFLAGS in make menuconfig.

I did a small writeup on specifying which linker script the linker uses (LDFLAGS) and the impact on executable size:
http://forum.tinycorelinux.net/index.php/topic,23623.0.html
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 14, 2021, 08:26:40 PM
Quote:
Hi Roberto A. Foglietta
... I did not manage to get below 624 kb with my configuration ...
There may be a couple of other ways to reduce size:
1. Use sstrip instead of strip.
2. Set Additional LDFLAGS in make menuconfig.

1. sstrip reduces the size by 3KB: 624KB -> 621KB
2. I have just one linker script available on ubuntu (for each architecture)

Title: Re: Suggestion for core modification
Post by: Rich on August 14, 2021, 08:54:33 PM
Hi Roberto A. Foglietta
You could try copying /usr/local/lib/ldscripts/elf_i386.xbn and /usr/local/lib/ldscripts/elf_x86_64.xbn from Tinycore. They
are provided by binutils.tcz.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 15, 2021, 09:20:32 AM
Quote:
Hi Roberto A. Foglietta
You could try copying /usr/local/lib/ldscripts/elf_i386.xbn and /usr/local/lib/ldscripts/elf_x86_64.xbn from Tinycore. They
are provided by binutils.tcz.

TinyCore Editor version 0.4.4 runs in TinyCore [1].
So, I can compile busybox directly into TC.

Suggested & patched single file busybox: 580 KB
Much less than original busybox+busybox.suid.

Thank you,
-R

[1] https://github.com/robang74/tinycore-editor/archive/refs/tags/v0.4.4.tar.gz

Choose "develop" in tinycore/tinycore.conf and follow the quick start in README.txt
Title: Re: Suggestion for core modification
Post by: Rich on August 15, 2021, 09:42:42 AM
Hi Roberto A. Foglietta
Quote:
... Thank you
You are welcome. Using the other linker script shaved off 40K, very nice.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 18, 2021, 12:56:22 AM
These settings in busybox config

CONFIG_FEATURE_LESS_RAW=y
CONFIG_FEATURE_LESS_ENV=y

are useful to display colors when using git. The size increase is negligible.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 18, 2021, 02:22:56 AM
These settings in busybox config

CONFIG_FEATURE_LESS_RAW=y
CONFIG_FEATURE_LESS_ENV=y

are useful to display colors when using git. The size increase is negligible.

or add less.tcz to git dependencies. Thank you, R.
Title: Re: Suggestion for core modification
Post by: curaga on August 18, 2021, 08:23:44 AM
BB less lacks some other features I commonly use with git. However it's an optional thing, you can configure your git less options.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 18, 2021, 08:37:57 AM
Quote:
you can configure your git less options.

Or you can add less.tgz to git dependencies, it is only 74Kb.  ;)
Title: Re: Suggestion for core modification
Post by: curaga on August 19, 2021, 12:53:30 AM
That is not the TC philosophy.
Title: Re: Suggestion for core modification
Post by: Roberto A. Foglietta on August 20, 2021, 05:33:28 PM
Quote:
You are correct that we have sudo, but having sudo as a known decision does not mean other things need to be left open.

No, the bug was serious, breaking many scripts.

I did an extensive search on the forum about the use of busybox.suid and I found this, for example:

http://forum.tinycorelinux.net/index.php/topic,24512.msg155587.html#msg155587

It is just an example but it is fine for a general consideration: existing scripts might call busybox.suid, including those that are embedded into TCZ extensions. This makes the single busybox file not viable, at first glance. To address this problem, I have created a script named busybox.suid that redirects these calls to busybox. So the system is not aware that everything has been aggregated into one single executable.

About security: you are not going to remove sudo, IMHO. So, the busybox single file does not add insecurity to the current configuration. Moreover, busybox is open source and its code is deeply checked. So, it can be trusted that it drops suid in a safe way.

Then, the only remaining issue is about violation against /etc/busybox.conf. This file is included into rootfs.gz so its initial permissions are safely/correctly set. This means that ownership/permission/content will be reset at any boot. However, the user using sudo might inadvertently change the permissions/ownership, but these changes will not last and we cannot defend the system against the users, especially if they manage it by a passwordless sudo.

So, at the end of the day the only remaining security concern is about sudo not busybox.

Soon, Tinycore Editor will be ready also for x86 32bit - by now it is ready for x86 64bit. I suggest giving it a try, loading an Xserver and doing some common stuff to check if any problem arises. I suggest using v0.4.9; in such a way, we will have a reference point to check with each other any kind of issue.

https://github.com/robang74/tinycore-editor/archive/refs/tags/v0.4.9.tar.gz

I also suggest to use meta-packages: after the first ISO/USB image has been produced do

cd tinycore
sudo ./tczmetamerge.sh
cd ..
./make.sh iso (or image)

In this way, and since the tcz/*-meta.tcz* will be removed, the ISO/USB image produced will use meta-packages which aggregate the TCZ in four onion rings: sshonly, usbkey, develop, devtools.

Thank you,
-R
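
Added example, not part of any post in this thread and not BusyBox or Tiny Core code: a shell audit for the /etc/busybox.conf approach debated above, covering the two points that curaga's objection and the later permissions discussion turn on, namely who can write the file and which applets it lets run with a changed uid/gid. The function names and the sample file are constructed, and the `applet = [Ssx-][Ssx-][x-] [USER.GROUP]` line format is an assumption taken from BusyBox's help text for the SUID configuration option.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# conf_trusted FILE [UID]: succeed only if FILE is a regular file owned by UID
# (default 0, root) with no group/other write bit set.
conf_trusted() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }
    set -- $(stat -L -c '%u %a' "$f")
    [ "$1" = "$want_uid" ] || { echo "$f: owner uid $1, expected $want_uid"; return 1; }
    case $2 in
        *[2367]?|*[2367]) echo "$f: mode $2 is group/other writable"; return 1 ;;
    esac
}

# suid_applets FILE: print "applet mode" for each [SUID] entry whose user or
# group slot is s/S, i.e. every applet allowed to run with a changed uid/gid.
# Assumed line format: applet = [Ssx-][Ssx-][x-] [USER.GROUP]
suid_applets() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /^[ \t]*\[/ { in_suid = ($0 ~ /^[ \t]*\[SUID\]/); next }
        in_suid && /=/ {
            split($0, kv, "=")
            applet = kv[1]; gsub(/[ \t]/, "", applet)
            split(kv[2], fld, " ")
            if (substr(fld[1], 1, 2) ~ /[sS]/) print applet, fld[1]
        }' "$1"
}

# Constructed sample config (not the file attached to the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[SUID]
su = ssx root.0
passwd = ssx root.0
mount = sx- root.disk   # root and group disk only
cp = ---                # disabled for everyone
ls = xxx                # runs without any uid/gid change
[other]
vi = ssx root.0         # outside [SUID], so not reported
EOF
chmod 600 "$sample"

# The demo accepts the current uid as owner; a real audit uses the default (0).
conf_trusted "$sample" "$(id -u)" && suid_applets "$sample"
rm -f "$sample"
```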