Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-05-18 | Doug Swarin pointed out a security bug in the -i option of sed. | Rob Landley | |
While the permissions on the temp file are correct to prevent it from being maliciously mangled by passing strangers, (created with 600, opened O_EXCL, etc), the permissions on the _directory_ might not be, and we re-open the file to convert the filehandle to a FILE * (and automatically get an error message and exit if the directory's read-only or out of space or some such). This opens a potential race condition if somebody's using dnotify on the directory, deletes/renames the tempfile, and drops a symlink or something there. Somebody running sed -i as root in a world writeable directory could do damage. I dug up notes on an earlier discussion where we looked at the security implications of this (unfortunately on the #uclibc channel rather than email; I don't have a transcript, just notes-to-self) which pointed out that if the permissions on the directory allow other people's files to be deleted/renamed then the original file is vulnerable to sabotage anyway. However, there are two cases that discussion apparently didn't take into account: 1) Using another user's permissions to damage files in other directories you can't access (standard symlink attack). 2) Reading data another user couldn't otherwise access by having the new file belong to that other user. This patch uses fdopen to convert the filehandle into a FILE *, rather than reopening the file. | |||
2005-05-16 | use more busybox functions and remove redundant code | Mike Frysinger | |
2005-05-16 | make sure we add the local dir to the include path | Mike Frysinger | |
2005-05-15 | Tito pointed out I'd broken -t (argv[optind] can't be before getulflags), | Rob Landley | |
and replaced the use of system() (and resulting security implications). | |||
2005-05-14 | Add automatic umount support to eject command. Patch from Tito, | Rob Landley | |
with tweaks from Mike Frysinger and Rob Landley. Note: this will still fail to umount a path that contains an ' or \ character. Is it worth the extra size to filter for that? | |||
2005-05-13 | as Rob Landley pointed out, need to fix the 1 versus i typo in indexing | Mike Frysinger | |
2005-05-13 | blah, forgot to save last time to fix whitespacing | Mike Frysinger | |
2005-05-13 | remove duplicated code and rework algorithms to end up with smaller code | Mike Frysinger | |
2005-05-12 | use a bunch of if statements since it is a few bytes smaller than a switch; ↵ | Mike Frysinger | |
also use bb_xfopen() instead of fopen() so comm doesnt segfault when given non-existant files :( | |||
2005-05-12 | err, added 2 to the wrong var :) also touchup the option detection to shrink ↵ | Mike Frysinger | |
size | |||
2005-05-12 | fix segfault if user only specifies 1 file | Mike Frysinger | |
2005-05-12 | update usage to match actual behavior | Mike Frysinger | |
2005-05-12 | fix whitespace/coding style | Mike Frysinger | |
2005-05-12 | add missing comm.o rule | Mike Frysinger | |
2005-05-12 | whitespace touchups | Mike Frysinger | |
2005-05-11 | This makefile was a mess. Fix it to work as intended. | Eric Andersen | |
-Erik | |||
2005-05-11 | Small comm implementatin from Rob Sullivan. Needed to build perl. | Rob Landley | |
2005-05-11 | import ether-wake applet by haveaniceday Bug 252 | Mike Frysinger | |
2005-05-11 | change the hardcoded error constant (0x80000000UL) to a nice flexible define ↵ | Mike Frysinger | |
(BB_GETOPT_ERROR) | |||
2005-05-11 | import eject by Peter Willis / Tito Ragusa | Mike Frysinger | |
2005-05-11 | now that mjn3 explained it to me, add documentation for the 3rd field in ↵ | Mike Frysinger | |
long opts | |||
2005-05-10 | Patch from Jason Schoon to add IPV6 support to telnetd. Reworked by Rob | Rob Landley | |
Landley to remove an #ifdef and move another one out of the flow of code. | |||
2005-05-10 | add documentation for long options and touch up the current docs now that i ↵ | Mike Frysinger | |
actually understand how to use the function myself :) | |||
2005-05-09 | import more libs to prep for new e2fsprogs | Mike Frysinger | |
2005-05-09 | import ext2fs lib to prep for new e2fsprogs | Mike Frysinger | |
2005-05-09 | no longer applies | Mike Frysinger | |
2005-05-09 | import base_device.c for fsck | Mike Frysinger | |
2005-05-09 | remove unused files | Mike Frysinger | |
2005-05-09 | trim out useless defines and use some busybox funcs | Mike Frysinger | |
2005-05-09 | override nls P_() macro | Mike Frysinger | |
2005-05-09 | abort if user passes -r or if they dont pass anything | Mike Frysinger | |
2005-05-09 | syntax/whitespace touchup | Mike Frysinger | |
2005-05-09 | Patch from Shaun Jackman: | Rob Landley | |
> This patch modfies expr to use portable POSIX regex rather than BSD > regex. ... > This updated patch implements an anchored regex by checking that the > match starts at offset 0. More to the point, this patch uses the same regex that sed.c is already using (opportunity to suck in less library code), and even building a dynamically linked busybox with just expr the result is a slightly smaller binary (by 94 bytes, I dunno what nm --size-sort has to say about it because I didn't build with debug info, since that changes the binary size a lot by disabling optimization...) Your mileage may vary. Handle with caution. Do not taunt happy fun ball. | |||
2005-05-07 | Manuel points out that if printf needs a flush to act like dprintf, the result | Rob Landley | |
is bigger. Revert last patch. | |||
2005-05-07 | This one's from me. Fix ash "standalone shell". | Rob Landley | |
If we exec /proc/self/exe and only fall back to /bin/busybox if /proc isn't there, then we have a reasonable chance of having the standalone shell work even if busybox isn't installed in /bin on the system in question. Still won't work in a chroot environment, but it's an improvement. | |||
2005-05-07 | Shaun Jackman pointed out that dprintf(STDOUT_FILENO,...) is just a printf. | Rob Landley | |
2005-05-07 | patch by Tito which uses a lot more busybox functions to reduce size nicely | Mike Frysinger | |
2005-05-07 | update e2p target to match condensed files | Mike Frysinger | |
2005-05-07 | patch by Tito which unifies common get/set functions into 1 get/set function ↵ | Mike Frysinger | |
and cuts down on the size used significantly :) | |||
2005-05-07 | add/remove defines to handle more e2fsprogs | Mike Frysinger | |
2005-05-07 | use shared busybox error messages to save a few bytes | Mike Frysinger | |
2005-05-06 | make the exec (-e) an optional feature of netcat | Mike Frysinger | |
2005-05-06 | In bug 247, haveaniceday writes: | Mike Frysinger | |
The option "-w secs" adds a timeout for writing. | |||
2005-05-04 | Tweak the "pretty lsmod for 2.6" patch to be seperately selectable. | Rob Landley | |
Patch from Takeharu Kato. | |||
2005-05-04 | Revert the uptime() removal. Let the list sort it out... | Rob Landley | |
2005-05-04 | Patch from Shaun Jackman: | Rob Landley | |
Replace uptime with time(NULL). time is more portable than uptime and eliminates the need to define uptime, reducing code size slightly. | |||
2005-05-04 | Takeharu Kato's patch added 2.6 support to lsmod; this changes menuconfig | Rob Landley | |
dependencies so 2.6 support depends on insmod or lsmod... | |||
2005-05-03 | Takeharu Kato said: | Rob Landley | |
I found that lsmod in busybox does not support linux-2.6. I fix this issue(it is caused by changes of /proc/modules format). If you use lsmod in busybox with kernel-2.6, please use this patch. | |||
2005-05-03 | From: Shaun Jackman <sjackman@gmail.com> | Rob Landley | |
To: busybox@mail.codepoet.org Wrap sockaddr_in6 in a ifdef CONFIG_FEATURE_IPV6. Include sys/types.h instead of asm/types.h. Include netinet/if_ether.h instead of linux/if_ether.h The ioctl request argument is an int, not an unsigned short. | |||
2005-05-03 | Shaun Jackman said: | Rob Landley | |
This patch adds a CONFIG_FEATURE_CLEAN_UP stanza, and also adds an ifdef around the SIOCGIFMAP call. |