Age [Author] Commit message
2005-05-18 [Rob Landley] Doug Swarin pointed out a security bug in the -i option of sed.
While the permissions on the temp file are correct to prevent it from being maliciously mangled by passing strangers, (created with 600, opened O_EXCL, etc), the permissions on the _directory_ might not be, and we re-open the file to convert the filehandle to a FILE * (and automatically get an error message and exit if the directory's read-only or out of space or some such).
This opens a potential race condition if somebody's using dnotify on the directory, deletes/renames the tempfile, and drops a symlink or something there. Somebody running sed -i as root in a world writeable directory could do damage.
I dug up notes on an earlier discussion where we looked at the security implications of this (unfortunately on the #uclibc channel rather than email; I don't have a transcript, just notes-to-self) which pointed out that if the permissions on the directory allow other people's files to be deleted/renamed then the original file is vulnerable to sabotage anyway.
However, there are two cases that discussion apparently didn't take into account:
1) Using another user's permissions to damage files in other directories you can't access (standard symlink attack).
2) Reading data another user couldn't otherwise access by having the new file belong to that other user.
This patch uses fdopen to convert the filehandle into a FILE *, rather than reopening the file.
2005-05-16 [Mike Frysinger] use more busybox functions and remove redundant code
2005-05-16 [Mike Frysinger] make sure we add the local dir to the include path
2005-05-15 [Rob Landley] Tito pointed out I'd broken -t (argv[optind] can't be before getulflags), and replaced the use of system() (and resulting security implications).
2005-05-14 [Rob Landley] Add automatic umount support to eject command. Patch from Tito, with tweaks from Mike Frysinger and Rob Landley. Note: this will still fail to umount a path that contains an ' or \ character. Is it worth the extra size to filter for that?
2005-05-13 [Mike Frysinger] as Rob Landley pointed out, need to fix the 1 versus i typo in indexing
2005-05-13 [Mike Frysinger] blah, forgot to save last time to fix whitespacing
2005-05-13 [Mike Frysinger] remove duplicated code and rework algorithms to end up with smaller code
2005-05-12 [Mike Frysinger] use a bunch of if statements since it is a few bytes smaller than a switch; also use bb_xfopen() instead of fopen() so comm doesn't segfault when given non-existent files :(
2005-05-12 [Mike Frysinger] err, added 2 to the wrong var :) also touchup the option detection to shrink size
2005-05-12 [Mike Frysinger] fix segfault if user only specifies 1 file
2005-05-12 [Mike Frysinger] update usage to match actual behavior
2005-05-12 [Mike Frysinger] fix whitespace/coding style
2005-05-12 [Mike Frysinger] add missing comm.o rule
2005-05-12 [Mike Frysinger] whitespace touchups
2005-05-11 [Eric Andersen] This makefile was a mess. Fix it to work as intended.
 -Erik
2005-05-11 [Rob Landley] Small comm implementation from Rob Sullivan. Needed to build perl.
2005-05-11 [Mike Frysinger] import ether-wake applet by haveaniceday Bug 252
2005-05-11 [Mike Frysinger] change the hardcoded error constant (0x80000000UL) to a nice flexible define (BB_GETOPT_ERROR)
2005-05-11 [Mike Frysinger] import eject by Peter Willis / Tito Ragusa
2005-05-11 [Mike Frysinger] now that mjn3 explained it to me, add documentation for the 3rd field in long opts
2005-05-10 [Rob Landley] Patch from Jason Schoon to add IPV6 support to telnetd. Reworked by Rob Landley to remove an #ifdef and move another one out of the flow of code.
2005-05-10 [Mike Frysinger] add documentation for long options and touch up the current docs now that i actually understand how to use the function myself :)
2005-05-09 [Mike Frysinger] import more libs to prep for new e2fsprogs
2005-05-09 [Mike Frysinger] import ext2fs lib to prep for new e2fsprogs
2005-05-09 [Mike Frysinger] no longer applies
2005-05-09 [Mike Frysinger] import base_device.c for fsck
2005-05-09 [Mike Frysinger] remove unused files
2005-05-09 [Mike Frysinger] trim out useless defines and use some busybox funcs
2005-05-09 [Mike Frysinger] override nls P_() macro
2005-05-09 [Mike Frysinger] abort if user passes -r or if they don't pass anything
2005-05-09 [Mike Frysinger] syntax/whitespace touchup
2005-05-09 [Rob Landley] Patch from Shaun Jackman:
> This patch modifies expr to use portable POSIX regex rather than BSD
> regex.
...
> This updated patch implements an anchored regex by checking that the
> match starts at offset 0.
More to the point, this patch uses the same regex that sed.c is already using (opportunity to suck in less library code), and even building a dynamically linked busybox with just expr the result is a slightly smaller binary (by 94 bytes, I dunno what nm --size-sort has to say about it because I didn't build with debug info, since that changes the binary size a lot by disabling optimization...)
Your mileage may vary. Handle with caution. Do not taunt happy fun ball.
2005-05-07 [Rob Landley] Manuel points out that if printf needs a flush to act like dprintf, the result is bigger. Revert last patch.
2005-05-07 [Rob Landley] This one's from me. Fix ash "standalone shell".
If we exec /proc/self/exe and only fall back to /bin/busybox if /proc isn't there, then we have a reasonable chance of having the standalone shell work even if busybox isn't installed in /bin on the system in question. Still won't work in a chroot environment, but it's an improvement.
2005-05-07 [Rob Landley] Shaun Jackman pointed out that dprintf(STDOUT_FILENO,...) is just a printf.
2005-05-07 [Mike Frysinger] patch by Tito which uses a lot more busybox functions to reduce size nicely
2005-05-07 [Mike Frysinger] update e2p target to match condensed files
2005-05-07 [Mike Frysinger] patch by Tito which unifies common get/set functions into 1 get/set function and cuts down on the size used significantly :)
2005-05-07 [Mike Frysinger] add/remove defines to handle more e2fsprogs
2005-05-07 [Mike Frysinger] use shared busybox error messages to save a few bytes
2005-05-06 [Mike Frysinger] make the exec (-e) an optional feature of netcat
2005-05-06 [Mike Frysinger] In bug 247, haveaniceday writes:
The option "-w secs" adds a timeout for writing.
2005-05-04 [Rob Landley] Tweak the "pretty lsmod for 2.6" patch to be separately selectable. Patch from Takeharu Kato.
2005-05-04 [Rob Landley] Revert the uptime() removal. Let the list sort it out...
2005-05-04 [Rob Landley] Patch from Shaun Jackman:
Replace uptime with time(NULL). time is more portable than uptime and eliminates the need to define uptime, reducing code size slightly.
2005-05-04 [Rob Landley] Takeharu Kato's patch added 2.6 support to lsmod; this changes menuconfig dependencies so 2.6 support depends on insmod or lsmod...
2005-05-03 [Rob Landley] Takeharu Kato said:
I found that lsmod in busybox does not support linux-2.6. I fix this issue (it is caused by changes of /proc/modules format). If you use lsmod in busybox with kernel-2.6, please use this patch.
2005-05-03 [Rob Landley] From: Shaun Jackman <sjackman@gmail.com>
To: busybox@mail.codepoet.org
Wrap sockaddr_in6 in an ifdef CONFIG_FEATURE_IPV6.
Include sys/types.h instead of asm/types.h.
Include netinet/if_ether.h instead of linux/if_ether.h
The ioctl request argument is an int, not an unsigned short.
2005-05-03 [Rob Landley] Shaun Jackman said:
This patch adds a CONFIG_FEATURE_CLEAN_UP stanza, and also adds an ifdef around the SIOCGIFMAP call.