Age | Commit message (Collapse) | Author |
|
|
|
|
|
"This patch fixes all the bugs in id previously spotted by vodz and me.
The binary size increased a bit, but now it should work as expected."
|
|
modified by myself to retain check for shadow file access.
|
|
remove some unused code.
|
|
|
|
I reversed the result of the sort functions to make the big numbers go to the top.
|
|
a condition around the remote logging, also adds some comments.
|
|
extra const's also.
|
|
for options that are currently not implemented and fixes typos.
|
|
|
|
|
|
|
|
The Togg's sysklogd patch to use sendto() on remote logging is formatting
strangely (using `<' and '>' surrounding the `msg' string message). This
is OK, but this is not the standard way of formatting this message.
So this patch does the following:
o Fix the formatting to the standard way.
o Uses `MAXLINE' when needed;
o Don't loop sending messages without a "sleeping time",
I'm now doing `now = 1', `now <<= 1';
o Don't die on `init_RemoteLog' when starting up (feature!)
We're now trying to connect every time we have an invalid fd;
o Removes one static uneeded variable.
o Removes two automatic uneeded variables.
|
|
CONFIG_FEATURE_COMMAND_EDITING was defined *and*
CONFIG_FEATURE_COMMAND_TAB_COMPLETION was undefined.
Vladimir N. Oleynik writes:
Its declare always, also if CONFIG_FEATURE_COMMAND_TAB_COMPLETION
undefined.
Patch to CVS version attached.
--w
vodz
|
|
This patch makes msh handle variable expansion within backticks more
correctly.
Current behaviour (wrong):
--------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
hello
$
New behaviour (correct):
------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
`echo hello`
$
The current behaviour (wrong according to standards) was actually my
fault. msh handles backticks by executing a subshell (which makes it
work on MMU-less systems). Executing a subshell makes it hard to only
expand variables once in the parent. Therefore I export all variables
that will be expanded within the backticks and let the subshell handle
the expansion instead.
The bug was found while searching for security leaks in CGI-scripts.
Current behaviour of msh makes it easy to expand backticks by mistake
in $QUERY_STRING. I recommend appling the patch before release of bb
1.00.
/Jonas
|
|
|
|
sparc and ia64 (itanium).
Also, reorganize the insmod architecture support code to be
alphasorted and less messy.
Update the readme to list current insmod arch support.
|
|
The second patch contains:
1) a size optimization for adduser.c
2) removes a warning about an unused variable in syslogd.c if CONFIG_FEATURE_REMOTE_LOG is not set
3)cosmetic fixes for addgroup_full_usage and adduser_full_usage
Ciao,
Tito
|
|
Hi Erik,
Hi to all,
This is part five of the my_get*id story.
I've tweaked a bit this two functions to make them more flexible,
but this changes will not affect existing code.
Now they work so:
1) my_getpwuid( char *user, uid_t uid, int bufsize)
if bufsize is > 0 char *user cannot be set to NULL
on success username is written on static allocated buffer
on failure uid as string is written to buffer and NULL is returned
if bufsize is = 0 char *user can be set to NULL
on success username is returned
on failure NULL is returned
if bufsize is < 0 char *user can be set to NULL
on success username is returned
on failure an error message is printed and the program exits
2) 1) my_getgrgid( char *group, uid_t uid, int bufsize)
if bufsize is > 0 char *group cannot be set to NULL
on success groupname is written on static allocated buffer
on failure gid as string is written to buffer and NULL is returned
if bufsize is = 0 char *group can be set to NULL
on success groupname is returned
on failure NULL is returned
if bufsize is < 0 char *group can be set to nULL
on success groupname is returned
on failure an error message is printed and the program exits
This changes were needed mainly for my new id applet.
It is somewhat bigger then the previous but matches the behaviour of GNU id
and is capable to handle usernames of whatever length.
BTW: at a first look it seems to me that it will integrate well (with just a few changes)
with the pending patch in patches/id_groups_alias.patch.
The increase in size is balanced by the removal of my_getpwnamegid.c
from libbb as this was used only in previous id applet and by size optimizations
made possible in whoami.c and in passwd.c.
I know that we are in feature freeze but I think that i've tested it enough
(at least I hope so.......).
|
|
|
|
|
|
Syslogd wont start if remote-logging is enabled and the connection to the
remote-log server is not possible on syslogd startup.
I found a patch somewhere which works like a charm. It uses sendto() which
seems more reliable for this issue.
Please see attached patch. Many people will be more happy with this included
I think.
Regards,
Togg
|
|
when people really ought to make busybox setuid root.
-Erik
|
|
|
|
Hi,
I've fixed also the issue of whoami cutting down usernames.
This time I cannot send a diff because i don't know if my previous patches will be applied
or not, so I send in the whole file.
The changes I've made don't affect size but ensure that usernames of whatever lenght
are correctly displayed.
root@localhost:/dev/pts/3:/root/Desktop/busybox/coreutils# size whoami_orig.o
text data bss dec hex filename
102 0 0 102 66 whoami_orig.o
root@localhost:/dev/pts/3:/root/Desktop/busybox/coreutils# size whoami.o
text data bss dec hex filename
93 0 0 93 5d whoami.o
This should be applied even if the other patches aren't as this matches the behaviour of the GNU whoami.
Thanks in advance,
Ciao,
Tito
|
|
|
|
Ming-Ching,
>>No. Here there are no mistakes.
>>You using POST metod.
>>For get data you should read from stdin CONTENT_LENGTH bytes.
>Hower as I posted a little while ago, there is indeed a bug
>in POST method if the CONTENT_LENGTH is bigger
>than sizeof(wbuf[128]). So if your CGI script is expecting to
>read the full CONTENT_LENGTH, it might block forever,
>because it will only transfer sizeof(wbuf) to the CGI.
Ok, Ok. I should find time to understand with a problem.
Try attached patch.
--w
vodz
|
|
Hi,
I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out an username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this colud be also remain unchanged......
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
|
|
Unfortunatelly I've not followed the last two or three weeks commits (new
semester started and so now I rarely have time to fix my personal bridge)
but tonight I synched my tree and immediately noticed a rather nasty bug!
[Using libbb/interface.c:1.24]
# grep eth0 /proc/net/dev | xargs
eth0:311708397 237346 1670 0 1789 1670 0 0 22580308 120297 0 0 0 102 0 0
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:20:AF:7C:EA:B7
inet addr:10.0.0.1 Bcast:10.0.0.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:5 Base address:0x320
All values `ifconfig' is showing are `zeroed' -- I quickly looked at the
last commits I missed and noticed that there were a commit relating to
ifconfig, libbb/interface.c:1.23->1.24 (PatchSet 4338).
I've reversed the patch and now everything is working again. I compared
the get_name's return values from the 1.23 and 1.24 and quickly noticed
that the new revision is leaving `p' right on the sep while the rev 1.23
was leaving it right on the starting of the values...
1-line, 1/3-minute patch attached :-)
|
|
preventing unmounting an initial filesystem.
|
|
|
|
-Erik
|
|
particular making alias support work better.
|
|
|
|
|
|
On Wed Aug 18, 2004 at 06:52:57PM +0800, Matt Johnston wrote:
> I've come across some strange-seeming behaviour when running programs
> under Busybox (1.0.0-rc3) ash. If the child process sets stdin to be
> non-blocking and then exits, the parent ash will also exit. A quick strace
> shows that a subsequent read() from stdin returns EAGAIN (as would be
> expected):
Thanks!
Patch attached.
--w
vodz
|
|
|
|
|
|
|
|
-Erik
|
|
askfirst when mmuless.
|
|
Looks like the -D and -H options of the adduser applet aren't handle
properly in BusyBox.
This patch fixes the masks definition for those options according to
there position in the optstring.
Patch against RC2 but should also apply cleanly against CVS.
Bertrand
|
|
This bug is in busybox 1.0.0-rc2. When using lash exec
builtin with redirection, the opened file fd keep increasing.
For example, please try the following command with lash.
ls -al /proc/<lash pid>/fd
exec /bin/sh 2>/dev/null
ls -al /proc/<lash pid>/fd
The last 'ls' command output will look like this. The fd
number 4 shouldn't exist.
lrwx------ 1 501 100 64 Aug 13 13:56 4 -> /dev/pts/5
l-wx------ 1 501 100 64 Aug 13 13:56 2 -> /dev/null
lrwx------ 1 501 100 64 Aug 13 13:56 1 -> /dev/pts/5
lrwx------ 1 501 100 64 Aug 13 13:56 0 -> /dev/pts/5
dr-xr-xr-x 3 501 100 0 Aug 13 13:56 ..
dr-x------ 2 501 100 0 Aug 13 13:56 .
This one-line patch fix this problem by setting CLOEXEC flag for
squirrel fd. Please apply.
Joe.C
|
|
|
|
with a quick conversion you will see that 132608 == 0x20600
so noticed that the elif will never be matched !
Apparently there was already a try to modify this in CVS which
was reverted (it was plain wrong).
I don't know when __kernel_old_dev_t is needed, but with a 2.6.7
or a 2.6.8 this is __kernel_dev_t wich is needed.
I corrected this with the following patch but maybe older 2.6
still need __kernel_old_dev_t ?
I think this should be corrected before 1.0.
Thanks
Aurel
|
|
Hello,
function build_dep in modprobe.c assumes that dependencies of one module
have not more than 255 chars;
that is not sufficient in kernel 2.6.7 (alsa sound modules). - Below is
a diff that solves the problem for me.
With regards, Christian Ostheimer
|
|
|
|
coincides with upstream. Patch from debian diff.
|
|
change formatting).
|