[Buildroot] Boot without busybox

[Buildroot] Boot without busybox

[Ranran]

Hello,

As part of Linux hardening we want to remove busybox from filesystem.
But I am not sure if system can boot without it.
I am quite sure that there are init files that depends on busybox.

Is it possible to boot without busybox or does it require a custom init ?

Thank you,
ranran

[Buildroot] Boot without busybox

[Michael Nazzareno Trimarchi]

Hi

On Sat, Oct 20, 2018 at 9:05 AM Ranran <ranshalit@gmail.com> wrote:
>
> Hello,
>
> As part of Linux hardening we want to remove busybox from filesystem.
> But I am not sure if system can boot without it.
> I am quite sure that there are init files that depends on busybox.

Why you just strip down busybox. Hardening of a minimal init script that come
from busybox seems more reasonable then try to go to start linux init.

>
> Is it possible to boot without busybox or does it require a custom init ?

Let's start that you require some process that it will be your init.
It can be a very limited
an custom one

Michael

>
> Thank you,
> ranran
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot



-- 
| Michael Nazzareno Trimarchi                     Amarula Solutions BV |
| COO  -  Founder                                      Cruquiuskade 47 |
| +31(0)851119172                                 Amsterdam 1018 AM NL |
|                  [`as] http://www.amarulasolutions.com               |

[Buildroot] Boot without busybox

[Ranran]

On Sat, Oct 20, 2018 at 10:07 AM Michael Nazzareno Trimarchi
<michael@amarulasolutions.com> wrote:
>
> Hi
>
> On Sat, Oct 20, 2018 at 9:05 AM Ranran <ranshalit@gmail.com> wrote:
> >
> > Hello,
> >
> > As part of Linux hardening we want to remove busybox from filesystem.
> > But I am not sure if system can boot without it.
> > I am quite sure that there are init files that depends on busybox.
>
> Why you just strip down busybox. Hardening of a minimal init script that come
> from busybox seems more reasonable then try to go to start linux init.
>
> >
> > Is it possible to boot without busybox or does it require a custom init ?
>
> Let's start that you require some process that it will be your init.
> It can be a very limited
> an custom one

Do you mean start minimizing busybox with "make busybox-menuconfig" ?
Should I choose busybox init or another init system (such as systemd) ?
When doing such process, is it easy to understand what the cause of
failure whenever something in init fails ?

Thanks,
Ran


>
> Michael
>
> >
> > Thank you,
> > ranran
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
>
>
> --
> | Michael Nazzareno Trimarchi                     Amarula Solutions BV |
> | COO  -  Founder                                      Cruquiuskade 47 |
> | +31(0)851119172                                 Amsterdam 1018 AM NL |
> |                  [`as] http://www.amarulasolutions.com               |

[Buildroot] Boot without busybox

[Ranran]

On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout@mind.be> wrote:
>
>
>
> On 20/10/2018 08:04, Ranran wrote:
> > Hello,
> >
> > As part of Linux hardening we want to remove busybox from filesystem.
>
>  How does replacing busybox with bloatware harden your system?
>
I actually thought of removing it totally (no replacement), but if
this is not possible on buildroot we might consider other alternatives
(such as minimizing its capability).

> > But I am not sure if system can boot without it.
> > I am quite sure that there are init files that depends on busybox.
> >
> > Is it possible to boot without busybox or does it require a custom init ?
>
>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
> There is also the "none" option, but then you're on your own for finding the
> appropriate init system. You can use it for using s6 as init system, for example.
>
>  If you remove Busybox entirely, you will also have to manually select all the
> other packages needed to get a minimal Unix system, like GNU coreutils, some
> shell, util-linux, ...
>

Isn't removing buildroot just a matter of selections in menuconfig ?
I mean, must I know which package should be replcaed with others or is
it that buildroot menu shall automatically choose for me the correct
selection when I remove busybox ?

Thanks,
ranran

>  Regards,
>  Arnout
>
> >
> > Thank you,
> > ranran
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
> >

[Buildroot] Boot without busybox

[Arnout Vandecappelle]

On 20/10/2018 17:03, Ranran wrote:
> On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout@mind.be> wrote:
>>
>>
>>
>> On 20/10/2018 08:04, Ranran wrote:
>>> Hello,
>>>
>>> As part of Linux hardening we want to remove busybox from filesystem.
>>
>>  How does replacing busybox with bloatware harden your system?
>>
> I actually thought of removing it totally (no replacement), but if
> this is not possible on buildroot we might consider other alternatives
> (such as minimizing its capability).

 Assuming you want an actual *working*, *running* system, you will need
*something* to provide the basic userspace functionality: init, shell,
coreutils, etc. You have the choice between using busybox for that (small, thus
easy to harden), or the "full packages" (many different packages, all of them
much larger than busybox, so most likely more difficult to harden).

> 
>>> But I am not sure if system can boot without it.
>>> I am quite sure that there are init files that depends on busybox.
>>>
>>> Is it possible to boot without busybox or does it require a custom init ?
>>
>>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
>> There is also the "none" option, but then you're on your own for finding the
>> appropriate init system. You can use it for using s6 as init system, for example.
>>
>>  If you remove Busybox entirely, you will also have to manually select all the
>> other packages needed to get a minimal Unix system, like GNU coreutils, some
>> shell, util-linux, ...
>>
> 
> Isn't removing buildroot just a matter of selections in menuconfig ?

 Yes it is. Well, you need to select a different init system before you're able
to remove it in menuconfig.

 However, that will leave you with a system that doesn't work. It will boot, it
will start init, but then init is not able to start any other process because
there is no shell.

> I mean, must I know which package should be replcaed with others or is
> it that buildroot menu shall automatically choose for me the correct
> selection when I remove busybox ?

 That's the point: buidroot does *not* do that for you. It just prints a warning
that your config might be broken :-).

 Note that you may actually get away with building a system without any of the
standard tools (shell, ls, etc.). For example, a "boot-to-gecko" kind of system
in theory needs nothing other than firefox, and firefox can be used directly as
the "init system". But again, you're on your own to make sure that this actually
works.

 Regards,
 Arnout

[Buildroot] Boot without busybox

[Michael Nazzareno Trimarchi]

Hi Ran

On Sat, Oct 20, 2018 at 6:35 PM Arnout Vandecappelle <arnout@mind.be> wrote:
>
>
>
> On 20/10/2018 17:03, Ranran wrote:
> > On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout@mind.be> wrote:
> >>
> >>
> >>
> >> On 20/10/2018 08:04, Ranran wrote:
> >>> Hello,
> >>>
> >>> As part of Linux hardening we want to remove busybox from filesystem.
> >>
> >>  How does replacing busybox with bloatware harden your system?
> >>
> > I actually thought of removing it totally (no replacement), but if
> > this is not possible on buildroot we might consider other alternatives
> > (such as minimizing its capability).
>
>  Assuming you want an actual *working*, *running* system, you will need
> *something* to provide the basic userspace functionality: init, shell,
> coreutils, etc. You have the choice between using busybox for that (small, thus
> easy to harden), or the "full packages" (many different packages, all of them
> much larger than busybox, so most likely more difficult to harden).

Every process fork from init. If you have one process you can boot to
your process
directly cmdline of the kernel init=.... or you can create your own
one simple enough.

Normally CVE exploit are on top of standard service. As any other
services busybox
is normally checked and used.

Can you please give a list of what init should do in your system?

Michael

>
> >
> >>> But I am not sure if system can boot without it.
> >>> I am quite sure that there are init files that depends on busybox.
> >>>
> >>> Is it possible to boot without busybox or does it require a custom init ?
> >>
> >>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
> >> There is also the "none" option, but then you're on your own for finding the
> >> appropriate init system. You can use it for using s6 as init system, for example.
> >>
> >>  If you remove Busybox entirely, you will also have to manually select all the
> >> other packages needed to get a minimal Unix system, like GNU coreutils, some
> >> shell, util-linux, ...
> >>
> >
> > Isn't removing buildroot just a matter of selections in menuconfig ?
>
>  Yes it is. Well, you need to select a different init system before you're able
> to remove it in menuconfig.
>
>  However, that will leave you with a system that doesn't work. It will boot, it
> will start init, but then init is not able to start any other process because
> there is no shell.
>
> > I mean, must I know which package should be replcaed with others or is
> > it that buildroot menu shall automatically choose for me the correct
> > selection when I remove busybox ?
>
>  That's the point: buidroot does *not* do that for you. It just prints a warning
> that your config might be broken :-).
>
>  Note that you may actually get away with building a system without any of the
> standard tools (shell, ls, etc.). For example, a "boot-to-gecko" kind of system
> in theory needs nothing other than firefox, and firefox can be used directly as
> the "init system". But again, you're on your own to make sure that this actually
> works.
>
>  Regards,
>  Arnout
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot



-- 
| Michael Nazzareno Trimarchi                     Amarula Solutions BV |
| COO  -  Founder                                      Cruquiuskade 47 |
| +31(0)851119172                                 Amsterdam 1018 AM NL |
|                  [`as] http://www.amarulasolutions.com               |

[Buildroot] Boot without busybox

[Ranran]

On Sat, Oct 20, 2018 at 9:07 PM Michael Nazzareno Trimarchi
<michael@amarulasolutions.com> wrote:
>
> Hi Ran
>
> On Sat, Oct 20, 2018 at 6:35 PM Arnout Vandecappelle <arnout@mind.be> wrote:
> >
> >
> >
> > On 20/10/2018 17:03, Ranran wrote:
> > > On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout@mind.be> wrote:
> > >>
> > >>
> > >>
> > >> On 20/10/2018 08:04, Ranran wrote:
> > >>> Hello,
> > >>>
> > >>> As part of Linux hardening we want to remove busybox from filesystem.
> > >>
> > >>  How does replacing busybox with bloatware harden your system?
> > >>
> > > I actually thought of removing it totally (no replacement), but if
> > > this is not possible on buildroot we might consider other alternatives
> > > (such as minimizing its capability).
> >
> >  Assuming you want an actual *working*, *running* system, you will need
> > *something* to provide the basic userspace functionality: init, shell,
> > coreutils, etc. You have the choice between using busybox for that (small, thus
> > easy to harden), or the "full packages" (many different packages, all of them
> > much larger than busybox, so most likely more difficult to harden).
>
> Every process fork from init. If you have one process you can boot to
> your process
> directly cmdline of the kernel init=.... or you can create your own
> one simple enough.
>
> Normally CVE exploit are on top of standard service. As any other
> services busybox
> is normally checked and used.
>
> Can you please give a list of what init should do in your system?

Yes, the init should:
1. start my application only , no use of shell , only ethernet for
application communication.
2, simple firewall (in userspace or kernel)
3. start selinux (please comment if you think it is wrong doing it
from this minimzed init)
4. optional - start auditd (or implement my own sort of auditd).

As you see no shell, or other busybox commands is required.

Thanks,
ranran

>
> Michael
>
> >
> > >
> > >>> But I am not sure if system can boot without it.
> > >>> I am quite sure that there are init files that depends on busybox.
> > >>>
> > >>> Is it possible to boot without busybox or does it require a custom init ?
> > >>
> > >>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
> > >> There is also the "none" option, but then you're on your own for finding the
> > >> appropriate init system. You can use it for using s6 as init system, for example.
> > >>
> > >>  If you remove Busybox entirely, you will also have to manually select all the
> > >> other packages needed to get a minimal Unix system, like GNU coreutils, some
> > >> shell, util-linux, ...
> > >>
> > >
> > > Isn't removing buildroot just a matter of selections in menuconfig ?
> >
> >  Yes it is. Well, you need to select a different init system before you're able
> > to remove it in menuconfig.
> >
> >  However, that will leave you with a system that doesn't work. It will boot, it
> > will start init, but then init is not able to start any other process because
> > there is no shell.
> >
> > > I mean, must I know which package should be replcaed with others or is
> > > it that buildroot menu shall automatically choose for me the correct
> > > selection when I remove busybox ?
> >
> >  That's the point: buidroot does *not* do that for you. It just prints a warning
> > that your config might be broken :-).
> >
> >  Note that you may actually get away with building a system without any of the
> > standard tools (shell, ls, etc.). For example, a "boot-to-gecko" kind of system
> > in theory needs nothing other than firefox, and firefox can be used directly as
> > the "init system". But again, you're on your own to make sure that this actually
> > works.
> >
> >  Regards,
> >  Arnout
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
>
>
> --
> | Michael Nazzareno Trimarchi                     Amarula Solutions BV |
> | COO  -  Founder                                      Cruquiuskade 47 |
> | +31(0)851119172                                 Amsterdam 1018 AM NL |
> |                  [`as] http://www.amarulasolutions.com               |

[Buildroot] Boot without busybox

[Michael Nazzareno Trimarchi]

Hi

On Sat, Oct 20, 2018 at 10:12 PM Ranran <ranshalit@gmail.com> wrote:
>
> On Sat, Oct 20, 2018 at 9:07 PM Michael Nazzareno Trimarchi
> <michael@amarulasolutions.com> wrote:
> >
> > Hi Ran
> >
> > On Sat, Oct 20, 2018 at 6:35 PM Arnout Vandecappelle <arnout@mind.be> wrote:
> > >
> > >
> > >
> > > On 20/10/2018 17:03, Ranran wrote:
> > > > On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout@mind.be> wrote:
> > > >>
> > > >>
> > > >>
> > > >> On 20/10/2018 08:04, Ranran wrote:
> > > >>> Hello,
> > > >>>
> > > >>> As part of Linux hardening we want to remove busybox from filesystem.
> > > >>
> > > >>  How does replacing busybox with bloatware harden your system?
> > > >>
> > > > I actually thought of removing it totally (no replacement), but if
> > > > this is not possible on buildroot we might consider other alternatives
> > > > (such as minimizing its capability).
> > >
> > >  Assuming you want an actual *working*, *running* system, you will need
> > > *something* to provide the basic userspace functionality: init, shell,
> > > coreutils, etc. You have the choice between using busybox for that (small, thus
> > > easy to harden), or the "full packages" (many different packages, all of them
> > > much larger than busybox, so most likely more difficult to harden).
> >
> > Every process fork from init. If you have one process you can boot to
> > your process
> > directly cmdline of the kernel init=.... or you can create your own
> > one simple enough.
> >
> > Normally CVE exploit are on top of standard service. As any other
> > services busybox
> > is normally checked and used.
> >
> > Can you please give a list of what init should do in your system?
>
> Yes, the init should:
> 1. start my application only , no use of shell , only ethernet for
> application communication.

You need to start dhcp and have some service that manage it.

You can create a simple main that start all together and call from cmdline

> 2, simple firewall (in userspace or kernel)

the same you can setup iptables

> 3. start selinux (please comment if you think it is wrong doing it
> from this minimzed init)

init of android is doing more or less what you need

Michael

> 4. optional - start auditd (or implement my own sort of auditd).
>
> As you see no shell, or other busybox commands is required.
>
> Thanks,
> ranran
>
> >
> > Michael
> >
> > >
> > > >
> > > >>> But I am not sure if system can boot without it.
> > > >>> I am quite sure that there are init files that depends on busybox.
> > > >>>
> > > >>> Is it possible to boot without busybox or does it require a custom init ?
> > > >>
> > > >>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
> > > >> There is also the "none" option, but then you're on your own for finding the
> > > >> appropriate init system. You can use it for using s6 as init system, for example.
> > > >>
> > > >>  If you remove Busybox entirely, you will also have to manually select all the
> > > >> other packages needed to get a minimal Unix system, like GNU coreutils, some
> > > >> shell, util-linux, ...
> > > >>
> > > >
> > > > Isn't removing buildroot just a matter of selections in menuconfig ?
> > >
> > >  Yes it is. Well, you need to select a different init system before you're able
> > > to remove it in menuconfig.
> > >
> > >  However, that will leave you with a system that doesn't work. It will boot, it
> > > will start init, but then init is not able to start any other process because
> > > there is no shell.
> > >
> > > > I mean, must I know which package should be replcaed with others or is
> > > > it that buildroot menu shall automatically choose for me the correct
> > > > selection when I remove busybox ?
> > >
> > >  That's the point: buidroot does *not* do that for you. It just prints a warning
> > > that your config might be broken :-).
> > >
> > >  Note that you may actually get away with building a system without any of the
> > > standard tools (shell, ls, etc.). For example, a "boot-to-gecko" kind of system
> > > in theory needs nothing other than firefox, and firefox can be used directly as
> > > the "init system". But again, you're on your own to make sure that this actually
> > > works.
> > >
> > >  Regards,
> > >  Arnout
> > > _______________________________________________
> > > buildroot mailing list
> > > buildroot at busybox.net
> > > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> >
> >
> > --
> > | Michael Nazzareno Trimarchi                     Amarula Solutions BV |
> > | COO  -  Founder                                      Cruquiuskade 47 |
> > | +31(0)851119172                                 Amsterdam 1018 AM NL |
> > |                  [`as] http://www.amarulasolutions.com               |



-- 
| Michael Nazzareno Trimarchi                     Amarula Solutions BV |
| COO  -  Founder                                      Cruquiuskade 47 |
| +31(0)851119172                                 Amsterdam 1018 AM NL |
|                  [`as] http://www.amarulasolutions.com               |