busybox-w32 version FRP-5007-g82accfc19 was released on 2023-05-28. It is no longer current. For other release notes see:
~ $ ssh rmy@localhost
rmy@localhost's password:
~ # id
uid=0(root) gid=0(root) groups=0(root)
~ #
The ~ # prompt and the output of id indicate we're running as root.
As with many things related to ownership and permissions this isn't entirely true. busybox-w32 tries to relate what's actually happening on Windows to how things might be expected to work on Unix. In fact, we're running as rmy but with elevated privileges.
Normally when elevated privileges are required for an operation Windows displays a User Access Control (UAC) prompt. The Microsoft OpenSSH developers couldn't think of a way to do this remotely, so they made the design decision that any user who is an administrator would be given elevated privileges when they logged in.
This is fine if you need to do things that require elevated privileges, but that isn't always the case: some things are best done without elevated privileges.
They've thus replaced one problem (not being able to raise privilege when working remotely) with a different one (not being able to drop privilege if we want to run as a normal user).
The new drop applet makes it possible to drop elevated privileges. Without any arguments it starts an interactive, unprivileged shell:
~ # drop
~ $ id
uid=4095(rmy) gid=4095(rmy) groups=4095(rmy)
~ $
It can also be used to run a single command without privilege:
~ # drop -c 'id -un'
rmy
~ # drop -- id -un
rmy
~ #
To drop privilege for the rest of the remote session use:
~ # exec drop
~ $
The cdrop and pdrop applets are similar but use cmd.exe and PowerShell instead of the busybox-w32 shell.
The mechanism used to drop privilege results in a state that's almost, but not quite, exactly like being unprivileged. In some cases applications may, incorrectly, think they're running with privileges. If they try to perform a privileged operation, though, it should fail.
(GitHub issue #240)
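An added example (not part of the release notes or of busybox-w32 itself): a wrapper that runs a command through drop when the session is elevated and refuses to run it if privileges were not actually dropped. ID_CMD and DROP_CMD are hypothetical override variables introduced here so the logic can be exercised with stand-ins on other systems.

```sh
#!/bin/sh
# Added example, not busybox-w32 code.
# ID_CMD and DROP_CMD are hypothetical overrides used for testing; by
# default the real id and drop applets are called.

# True when the session is elevated. The release notes show id
# reporting uid=0 in an elevated session.
is_elevated() {
    [ "$(${ID_CMD:-id} -u)" -eq 0 ]
}

# Run "$@" without elevated privileges, failing closed.
run_unprivileged() {
    if ! is_elevated; then
        "$@"            # already unprivileged: run directly
        return
    fi
    # Confirm that drop really yields a non-root uid before trusting it.
    # A missing or failing drop is treated as "still elevated".
    uid=$(${DROP_CMD:-drop} -- ${ID_CMD:-id} -u 2>/dev/null) || uid=0
    if [ "${uid:-0}" -eq 0 ]; then
        echo "refusing to run with elevated privileges: $*" >&2
        return 126
    fi
    # Same form as 'drop -- id -un' shown in the notes.
    ${DROP_CMD:-drop} -- "$@"
}

# Usage: run_unprivileged wget https://example.invalid/file
```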
The su applet has been updated so its arguments more closely match those on Unix. As well as the -c option it now also supports passing arbitrary options and arguments to the shell. To conform to the Unix command line layout this requires a username to be supplied, which must be root.
The usage may be summarised as:
su [options] -c CMD_STRING [[--] root [ARG0 [ARG...]]]
su [options] [[--] root [arbitrary shell arguments]]
Note:
-c is an option to both su and the shell. It can be placed before or after root.
su doesn't stop looking for options when the first non-option argument is found. It may be necessary to use the -- option to prevent shell options being interpreted by su.
-- after root to prevent the shell from interpreting options intended for the command being run.
The new shell started by su appears in a separate window, unlike on Unix where the shell reuses the same terminal. Two non-standard options have been added to assist in dealing with this different behaviour.
The -N option causes the privileged shell to pause on exit with a request for the user to press any key to dismiss it. This allows the user to examine any output before the shell is closed.
The -W option causes the su process to wait for the privileged shell to exit and return its status.
(GitHub issue #314, PR #317)
ABRT, FPE, ILL, INT, SEGV and TERM.
While the operating system may raise some of these signals it doesn't allow programs to send them. The mechanism used to interrupt programs with Ctrl-C is entirely distinct from the INT signal.
Much of the support for signals in busybox-w32 therefore has to be implemented from scratch. There are some limitations:
The kill applet doesn't actually send any signals. Instead it asks the target program to exit as if it had received a signal.
The trap shell builtin is unable to handle or ignore "signals" sent by kill.
There have been some recent changes in this area:
HUP and QUIT are commonly trapped in shell scripts. These are now accepted so scripts copied across from Unix will, at least, not fail to run when they're encountered.
trap for the INT signal handles Ctrl-C interrupts. It doesn't handle kill -INT.
There's considerable variation in how shells respond to Ctrl-C interrupts, particularly in how interrupts interact with the read builtin. It's possible this implementation won't match what your favourite shell does. (GitHub issue #303)
When xargs receives a Ctrl-C interrupt it now kills its currently running children as if with an INT signal. (GitHub issue #306)
kill and timeout can (pretend to) send any of the known signals to their target. This doesn't affect how the target reacts, but the target's parent should see that its child was killed by a signal. Use kill -l to list the known signals.
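An added example (not from the release notes or the busybox-w32 source) of what "the target's parent should see that its child was killed by a signal" looks like from a supervising script. It assumes the shell reports a child killed by signal N as exit status 128+N, the usual Unix convention; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not busybox-w32 code. Assumes the shell reports a child
# killed by signal N as exit status 128+N (the usual Unix convention).

# Turn a wait status into "signal:NAME" or "exit:CODE".
classify_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        # kill -l STATUS maps a 128+N status back to the signal name.
        name=$(kill -l "$status" 2>/dev/null) || name=unknown
        echo "signal:$name"
    else
        echo "exit:$status"
    fi
}

# Start a command in the background, kill it with the given signal and
# report what the parent observed.
kill_and_report() {
    sig=$1; shift
    "$@" &
    pid=$!
    kill "-$sig" "$pid"
    status=0
    wait "$pid" || status=$?
    classify_status "$status"
}

# Run a command to completion and report how it ended.
run_and_report() {
    status=0
    "$@" || status=$?
    classify_status "$status"
}

# Usage: kill_and_report TERM sleep 30
```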
BB_SKIP_ANSI_EMULATION was introduced in FRP-3466 to control the output of ANSI escape sequences. They could either be emulated using the console API or output verbatim to terminals that supported them.
The Windows Terminal can also support virtual terminal (VT) sequences on input. This more closely matches how things like cursor keys are handled on Unix. In contrast, busybox-w32 has previously always used the Windows console API for this purpose.
In this release support for VT input has been enabled. This means busybox-w32 can now handle all I/O modes available in the Windows Terminal and Windows Console applications.
The environment variable BB_TERMINAL_MODE controls the input and output modes of the terminal. The allowed values are integers from 0 to 5 with the behaviour described in the key below:
Mode | Input | Output
-----------------------
0    | C     | C
1    | C     | V
2    | V     | C
3    | V     | V
4    | D     | D
5    | D     | V
The default value is 5, which should work well in most cases. Values 0-3 are probably only useful for testing as they may result in incorrect behaviour.
BB_SKIP_ANSI_EMULATION is still supported, though it may be removed in future. If both variables are set BB_TERMINAL_MODE takes precedence over BB_SKIP_ANSI_EMULATION.
ssh with the -c option. Again, a workaround has been applied. Note that workarounds for problems with third-party applications can't be guaranteed to continue working in the future. (GitHub issue #288)
PATH being searched. This has been fixed. (GitHub issue #310)
iconv -o now opens a temporary file for output and renames it on completion. This avoids a problem if the same file is used for input and output. (GitHub issue #318)
The wget applet now displays a progress bar by default. The -q option disables it.
~/AppData/Local/Microsoft/WindowsApps on Windows 10 and 11 where they're used to launch applications from the Microsoft Store. To busybox-w32 they appear as symbolic links. (GitHub issue #327)
The find applet supports the -ok CMD ARG ; option. This is similar to -exec but it prompts the user to confirm that the command should be run.
The trap and jobs shell builtins with no arguments now work in pipelines and process substitution.
The seq applet accepts negative parameters.
The tr applet displays a usage message if it doesn't have the correct non-option arguments. (GitHub issue #312)