pox

command

v0.10.0 Latest Latest Go to latest Published: Oct 10, 2022 License: BSD-3-Clause Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/u-root/u-root

Links

Open Source Insights

Documentation ¶

Overview ¶

pox packages dynamic executable into an archive.

Synopsis:

pox [-[-verbose]|v] [-[-file]|f tcz-file] -[-create]|c FILE [...FILE]
pox [-[-verbose]|v] [-[-file]|f tcz-file] -[-run|r] PROGRAM -- [...ARGS]
pox [-[-verbose]|v] [-[-file]|f tcz-file] -[-create]|c -[-run|r] PROGRAM -- [...ARGS]

Description:

pox packages a dynamic executable into an archive for use on another
machine. By default, it uses the tcz format compatible with tinycore.

pox supports 3 archive formats:
1) squashfs (default): The tcz is a squashfs. This requires mksquashfs.
2) zip
3) elf+zip: Self-extracting.

Options:

create|c: create the TCZ file.
verbose|d: verbose
file|f FILE: file name (default /tmp/pox.tcz)
run|r: Runs the first non-flag argument to pox.  Remaining arguments will
       be passed to the program.  Use '--' before any flag-like arguments
       to prevent pox from interpretting the flags.
self|s: Create a self-extracting elf. This implies -z.
zip|z: Use zip and unzip instead of a loopback mounted squashfs. Be sure
       to use -z for both creation and running, or not at all.
For convenience and testing, you can create and run a pox in one command.

Example:

$ pox -c /bin/bash /bin/cat /bin/ls /etc/hosts
Will build a squashfs, which will be /tmp/pox.tcz

$ sudo pox -r /bin/bash
Will drop you into the /tmp/pox.tcz running bash
You can use ls and cat on /etc/hosts.

Simpler example, with arguments:
$ sudo pox -r /bin/ls -- -la
will run `ls -la` and exit.

$ sudo pox -r -- /bin/ls -la
Syntactically easier: the program name can come after '--'

$ sudo pox -c -r /bin/bash
Create a pox with a bash and run it.

$ pox -cvsf date /bin/date
Creates a self-executing pox called "date".
$ ./date --utc

Notes:

When running a pox, you likely need sudo to chroot
Binaries run out of a chroot often need files you are unaware of. For instance, if bash can't find terminfo files, it won't know to handle backspaces properly. (They occur, but are not shown). To fix this, pass pox all of the files you need. For bash: `find /lib/terminfo -type f`.
Other programs rely on helper functions, such as '/bin/man'. If your program has built-in help commands that trigger man pages, e.g. "git help foo", you'll want to include /bin/man too. But you'll also need everything that man uses, such as /etc/manpath.config. My advice: skip it.
When adding all files in a directory, the easiest thing to do is: `find $DIR -type f` (Note the ticks: this is a bash command execution).
When creating a pox with an executable with shared libraries that are not installed on your system, such as for a project installed in your home directory, run pox from the installation prefix directory, such that the lib/ and bin/ are in pox's working directory. Pox will strip its working directory from the paths of the files it builds. Having bin/ in the root of the pox file helps with PATH lookups, and not having the full path from your machine in the pox file makes it easier to extract a pox file to /usr/local/.
pox is not a security boundary. chroot is well known to have holes. Pox is about enabling execution. Don't expect it to "wall things off". In fact, we mount /dev, /proc, and /sys; and you can add more things. Commands run under pox are just as dangerous as anything else.

Source Files ¶

View all Source files

pox.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL