oweals/busybox.git
19 years agoThe change in getty.c in Busybox 1.01 caused the /etc/issue file to not
Eric Andersen [Wed, 27 Jul 2005 06:05:38 +0000 (06:05 -0000)]
The change in getty.c in Busybox 1.01 caused the /etc/issue file to not
be displayed unless CONFIG_FEATURE_UTMP is set.  This was not the intended
result.

19 years agouse toplevel ARFLAGS and update default ARFLAGS to be quiet
Mike Frysinger [Wed, 27 Jul 2005 01:09:24 +0000 (01:09 -0000)]
use toplevel ARFLAGS and update default ARFLAGS to be quiet

19 years ago2005-04-05 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Tue, 26 Jul 2005 23:05:03 +0000 (23:05 -0000)]
2005-04-05  Shaun Jackman  <sjackman@gmail.com>

* libbb/printf.c: Check for __NEWLIB_H__ before __GLIBC__.

19 years ago2005-03-19 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Tue, 26 Jul 2005 23:00:59 +0000 (23:00 -0000)]
2005-03-19  Shaun Jackman  <sjackman@gmail.com>

* networking/ping.c (ping): Change the type of fromlen to socklen_t.

19 years agoremove unused variable ret as reported by apgo in Bug 350 and touchup syntax along...
Mike Frysinger [Tue, 26 Jul 2005 22:57:51 +0000 (22:57 -0000)]
remove unused variable ret as reported by apgo in Bug 350 and touchup syntax along the way

19 years agono longer used as reported by apgo in Bug 348
Mike Frysinger [Tue, 26 Jul 2005 22:51:57 +0000 (22:51 -0000)]
no longer used as reported by apgo in Bug 348

19 years agojust punt all the f_frsize crap since not all linux headers support it Bug 346
Mike Frysinger [Tue, 26 Jul 2005 22:39:56 +0000 (22:39 -0000)]
just punt all the f_frsize crap since not all linux headers support it Bug 346

19 years agoifdef all of loop.c with CONFIG_FEATURE_MOUNT_LOOP. won't
Paul Fox [Fri, 22 Jul 2005 19:58:32 +0000 (19:58 -0000)]
ifdef all of loop.c with CONFIG_FEATURE_MOUNT_LOOP.  won't
compile due to CONFIG_FEATURE_MOUNT_LOOP_MAX otherwise.  reported
by Stephane Billiart.

19 years agoapplying fix for:
Paul Fox [Fri, 22 Jul 2005 13:17:41 +0000 (13:17 -0000)]
applying fix for:
     0000093: Patch for dpkg - can't handle scripts
      Attached patch is needed to fix dpkg's support for preinst,
       postinst etc script files.

19 years agoremove duplicate check against chaddr.
Paul Fox [Thu, 21 Jul 2005 20:23:56 +0000 (20:23 -0000)]
remove duplicate check against chaddr.

19 years agorevert 10881, and refix by changing "if (vallen)" to "if (val)". this
Paul Fox [Thu, 21 Jul 2005 12:03:05 +0000 (12:03 -0000)]
revert 10881, and refix by changing "if (vallen)" to "if (val)".  this
is per the upstream fix for dash, in dash_0.5.2-6.diff.  thanks vodz, for
catching this.

19 years agoapplying fixes from:
Paul Fox [Wed, 20 Jul 2005 20:26:49 +0000 (20:26 -0000)]
applying fixes from:
    0000142: unzip enhancements

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:55:19 +0000 (19:55 -0000)]
applying fix for:
    0000026: poor man's "scriptable" telnet

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:49:15 +0000 (19:49 -0000)]
applying fix for:
    0000271: [PATCH] tftp -g fails if a TFTP_ACK is lost

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:46:32 +0000 (19:46 -0000)]
applying fix for:
    0000265: tail -f should keep following files even if they
                    were truncated

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:40:30 +0000 (19:40 -0000)]
applying fix for:
    0000263: nc cannot use -e when initiating a tcp connection
     to something else

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:24:13 +0000 (19:24 -0000)]
applying fix for:
     0000262: tar -x doesn't believe it has reached the end of archive

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:18:45 +0000 (19:18 -0000)]
applying fix for:
    0000261: Unsafe empty env var export in ash

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:13:21 +0000 (19:13 -0000)]
applying fix for:
     0000260: udhcpc doesn't validate client hardware address

19 years agoapplying patch from:
Paul Fox [Wed, 20 Jul 2005 19:07:27 +0000 (19:07 -0000)]
applying patch from:
    0000227: sort use wrong type for getopt return variable

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 19:01:05 +0000 (19:01 -0000)]
applying fix for:
    0000203: 'ip route flush cache' not implemented

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 18:42:52 +0000 (18:42 -0000)]
applying fix for:
    0000185: httpd infinite loop when piping to CGI script

19 years agoapplyinf fix for:
Paul Fox [Wed, 20 Jul 2005 18:33:12 +0000 (18:33 -0000)]
applyinf fix for:
    0000155: variable expansion with braces in backticks in msh

19 years agoapplying fix from:
Paul Fox [Wed, 20 Jul 2005 18:23:39 +0000 (18:23 -0000)]
applying fix from:
    0000152: ash: quoting rules for local variables different to globals

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 18:02:11 +0000 (18:02 -0000)]
applying fix for:
     0000143: sysklogd remote logging adds a space between facility and tag

19 years agoapplying fix for:
Paul Fox [Wed, 20 Jul 2005 17:39:52 +0000 (17:39 -0000)]
applying fix for:
    0000118: vi join command does not mark file as modified for certain lines.

19 years agomuch more concise fix for bug #45. just align the packet...
Paul Fox [Wed, 20 Jul 2005 11:55:08 +0000 (11:55 -0000)]
much more concise fix for bug #45.  just align the packet...

19 years agoIf /tmp and /home were different partitions, then "mv /tmp/file /home/file"
Rob Landley [Wed, 20 Jul 2005 00:45:40 +0000 (00:45 -0000)]
If /tmp and /home were different partitions, then "mv /tmp/file /home/file"
would delete /home/file even if /tmp/file didn't exist.

This fixes that, although the logic of both mv and cp is a bit tangled and
should probably be untangled.

19 years agoapplying fix for:
Paul Fox [Tue, 19 Jul 2005 21:31:05 +0000 (21:31 -0000)]
applying fix for:
     0000117: Remove linefeed after overwrite prompt using cp -i
  User input not on the same line as the prompt when about to
  overwrite a file.

19 years agoapplying fix from:
Paul Fox [Tue, 19 Jul 2005 21:26:57 +0000 (21:26 -0000)]
applying fix from:
    0000108: busyboxy/networking/ftpgetput.c not conforming to
                    RFC 959.  ftpget and ftpput send <LF> as EOL.

19 years agoapplying fix from;
Paul Fox [Tue, 19 Jul 2005 21:21:58 +0000 (21:21 -0000)]
applying fix from;
    0000092: looks like the initializer for .need_suid was missing.

19 years agoapplying fix from:
Paul Fox [Tue, 19 Jul 2005 21:19:20 +0000 (21:19 -0000)]
applying fix from:
    0000088: inetd chargen stream does not generate the
    characters as recommended in RFC 864
    Chragen service is generating garbage characters.

19 years agoapplying fix from:
Paul Fox [Tue, 19 Jul 2005 20:55:37 +0000 (20:55 -0000)]
applying fix from:
     0000068: mount limited to max 8 loop devices (patch provided)

(made minor wording change for config help message)

19 years agoapplying fix from:
Paul Fox [Tue, 19 Jul 2005 20:47:33 +0000 (20:47 -0000)]
applying fix from:
 0000067: cp -p produces misleading error message

19 years agoapplying:
Paul Fox [Tue, 19 Jul 2005 20:41:06 +0000 (20:41 -0000)]
applying:
0000054: Tab completing filenames in ash causes SEGV
Simple tab completion operations cause busybox (ash) to
access illegal addresses.

19 years agoapplying fix for:
Paul Fox [Tue, 19 Jul 2005 20:37:15 +0000 (20:37 -0000)]
applying fix for:
 0000045: traceroute causes an alignment trap due to unaligned buffer on arm

19 years agoFixup makedevs to handle regular files, and also fix
Eric Andersen [Mon, 18 Jul 2005 22:40:59 +0000 (22:40 -0000)]
Fixup makedevs to handle regular files, and also fix
it to properly update file permissions as specified.

19 years agofix for "0000027: patch: nc will spin if stdin closed"
Paul Fox [Mon, 18 Jul 2005 22:23:16 +0000 (22:23 -0000)]
fix for "0000027: patch: nc will spin if stdin closed"

19 years agoallow both ^H and DEL to backspace in insert mode (bug #23)
Paul Fox [Mon, 18 Jul 2005 22:17:25 +0000 (22:17 -0000)]
allow both ^H and DEL to backspace in insert mode (bug #23)

19 years agoFix vi so that error messages, insert mode messages, etc are
Eric Andersen [Mon, 18 Jul 2005 10:32:59 +0000 (10:32 -0000)]
Fix vi so that error messages, insert mode messages, etc are
all actually displayed in the status line as expected

19 years agoa bit more polish
Eric Andersen [Mon, 18 Jul 2005 09:45:35 +0000 (09:45 -0000)]
a bit more polish

19 years agoa bit of polish on makedevs
Eric Andersen [Mon, 18 Jul 2005 09:42:37 +0000 (09:42 -0000)]
a bit of polish on makedevs

19 years agothe makedevs config option was pretty much totally broken
Eric Andersen [Mon, 18 Jul 2005 09:36:49 +0000 (09:36 -0000)]
the makedevs config option was pretty much totally broken

19 years agoFixup device table based makedevs so it actually works
Eric Andersen [Mon, 18 Jul 2005 09:28:36 +0000 (09:28 -0000)]
Fixup device table based makedevs so it actually works

19 years agomove var decls around a little to help gcc make smaller code
Mike Frysinger [Wed, 6 Jul 2005 05:00:48 +0000 (05:00 -0000)]
move var decls around a little to help gcc make smaller code

19 years ago2005-07-04 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Wed, 6 Jul 2005 04:46:14 +0000 (04:46 -0000)]
2005-07-04  Shaun Jackman  <sjackman@gmail.com>

        * init/init.c: Do not include sys/mount.h.
        (message): Use O_NONBLOCK instead of O_NDELAY.
        (console_init): Ditto.

19 years ago2005-07-05 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Wed, 6 Jul 2005 04:39:08 +0000 (04:39 -0000)]
2005-07-05  Shaun Jackman  <sjackman@gmail.com>

        * init/Config.in (CONFIG_FEATURE_INIT_SWAPON): New option.
        * init/init.c (check_memory): Disable the swapon feature unless
        CONFIG_FEATURE_INIT_SWAPON is defined.

19 years agorename log var to log_console so we dont override internal gcc/glibc log func
Mike Frysinger [Tue, 5 Jul 2005 02:19:20 +0000 (02:19 -0000)]
rename log var to log_console so we dont override internal gcc/glibc log func

19 years ago2005-06-30 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Fri, 1 Jul 2005 01:29:44 +0000 (01:29 -0000)]
2005-06-30  Shaun Jackman  <sjackman@gmail.com>

        * loginutils/getty.c: (open_tty): Use dup2 instead of close/dup.

19 years ago2005-06-30 Shaun Jackman <sjackman@gmail.com>
Mike Frysinger [Fri, 1 Jul 2005 01:07:16 +0000 (01:07 -0000)]
2005-06-30  Shaun Jackman  <sjackman@gmail.com>

        * loginutils/getty.c: Include utmp.h only if
        CONFIG_FEATURE_U_W_TMP is defined.
        (getty_main): Use ISSUE only if it is defined.

19 years agoPatch by jonlar in Bug 312 to split the U_W_TMP feature into sep UTMP and WTMP options
Mike Frysinger [Fri, 1 Jul 2005 01:04:32 +0000 (01:04 -0000)]
Patch by jonlar in Bug 312 to split the U_W_TMP feature into sep UTMP and WTMP options

19 years agopatch by Shaun Jackman to combine dup/close funcs into dup2
Mike Frysinger [Thu, 30 Jun 2005 03:43:14 +0000 (03:43 -0000)]
patch by Shaun Jackman to combine dup/close funcs into dup2

19 years agodont use f_frsize unless linux-2.6.0 or better
Mike Frysinger [Wed, 29 Jun 2005 01:07:04 +0000 (01:07 -0000)]
dont use f_frsize unless linux-2.6.0 or better

19 years agorip out all the non-linux code and ugly workarounds
Mike Frysinger [Tue, 28 Jun 2005 23:50:18 +0000 (23:50 -0000)]
rip out all the non-linux code and ugly workarounds

19 years agotweak signed/unsigned char usage to avoid mismatches
Mike Frysinger [Fri, 24 Jun 2005 21:37:59 +0000 (21:37 -0000)]
tweak signed/unsigned char usage to avoid mismatches

19 years ago- remove extra/unneeded function call. testing svn
Ned Ludd [Fri, 24 Jun 2005 03:47:57 +0000 (03:47 -0000)]
- remove extra/unneeded function call. testing svn

19 years agoEnabling runtime SUID/SGID configuration via /etc/busybox.conf
Eric Andersen [Thu, 23 Jun 2005 19:15:40 +0000 (19:15 -0000)]
Enabling runtime SUID/SGID configuration via /etc/busybox.conf
is not a very good default.  Better to default to having it off
and let people get the default behavior.  If they want to enable
/etc/busybox.conf they should explicitly ask for it.

19 years agoapplets specified as _BB_SUID_ALWAYS in applets.h should also select
Eric Andersen [Thu, 23 Jun 2005 18:58:57 +0000 (18:58 -0000)]
applets specified as _BB_SUID_ALWAYS in applets.h should also select
CONFIG_FEATURE_SUID to ensure proper behavior when installed.

19 years agocharacters encoded as html should have a trailing semicolon
Eric Andersen [Thu, 23 Jun 2005 05:51:48 +0000 (05:51 -0000)]
characters encoded as html should have a trailing semicolon
to be interpreted properly

19 years agoRodney Radford submitted ipcs and ipcrm (system V IPC stuff). They could use
Rob Landley [Mon, 20 Jun 2005 04:30:36 +0000 (04:30 -0000)]
Rodney Radford submitted ipcs and ipcrm (system V IPC stuff).  They could use
some more work to shrink them down.

19 years agoTito says: unify verbose/quiet flags
Mike Frysinger [Fri, 17 Jun 2005 02:13:57 +0000 (02:13 -0000)]
Tito says: unify verbose/quiet flags

19 years agoTito says: strip unused program_name
Mike Frysinger [Fri, 17 Jun 2005 01:35:52 +0000 (01:35 -0000)]
Tito says: strip unused program_name
Vladimir N. Oleynik says: uname() can be replaced with get_kernel_revision()

19 years agouse xmalloc instead of malloc
Mike Frysinger [Sun, 12 Jun 2005 00:45:09 +0000 (00:45 -0000)]
use xmalloc instead of malloc

19 years agouse malloc instead of xmalloc
Mike Frysinger [Sat, 11 Jun 2005 22:37:25 +0000 (22:37 -0000)]
use malloc instead of xmalloc

19 years agouse xmalloc() instead of malloc()
Mike Frysinger [Sat, 11 Jun 2005 22:25:27 +0000 (22:25 -0000)]
use xmalloc() instead of malloc()

19 years agouse xmalloc() and bb_perror_msg_and_die()
Mike Frysinger [Sat, 11 Jun 2005 22:24:15 +0000 (22:24 -0000)]
use xmalloc() and bb_perror_msg_and_die()

19 years agoNote that memory allocaiton needs to be cleaned up too.
Rob Landley [Sat, 11 Jun 2005 22:10:42 +0000 (22:10 -0000)]
Note that memory allocaiton needs to be cleaned up too.

19 years agoremove com_err.h includes
Mike Frysinger [Sat, 11 Jun 2005 20:29:02 +0000 (20:29 -0000)]
remove com_err.h includes

19 years agoDOS only crap
Mike Frysinger [Sat, 11 Jun 2005 20:28:47 +0000 (20:28 -0000)]
DOS only crap

19 years agoimport initial fat mke2fs
Mike Frysinger [Sat, 11 Jun 2005 05:29:40 +0000 (05:29 -0000)]
import initial fat mke2fs

19 years agoimport tune2fs support
Mike Frysinger [Sat, 11 Jun 2005 01:14:09 +0000 (01:14 -0000)]
import tune2fs support

19 years agofix signed/unsigned char pointers
Mike Frysinger [Sat, 11 Jun 2005 00:50:59 +0000 (00:50 -0000)]
fix signed/unsigned char pointers

19 years agooops, we only want to affect local CFLAGS
Mike Frysinger [Sat, 11 Jun 2005 00:45:50 +0000 (00:45 -0000)]
oops, we only want to affect local CFLAGS

19 years agoinitial fat tune2fs/findfs/e2label source
Mike Frysinger [Sat, 11 Jun 2005 00:40:20 +0000 (00:40 -0000)]
initial fat tune2fs/findfs/e2label source

19 years agoreplace simple is_null func with a memcmp define
Mike Frysinger [Sat, 11 Jun 2005 00:36:04 +0000 (00:36 -0000)]
replace simple is_null func with a memcmp define

19 years agoforce including of e2fsbb.h and move the HAVE_* defines to it
Mike Frysinger [Sat, 11 Jun 2005 00:27:50 +0000 (00:27 -0000)]
force including of e2fsbb.h and move the HAVE_* defines to it

19 years agomove config.h requirement to the actual .depend target rather than the depend alias
Mike Frysinger [Sat, 11 Jun 2005 00:13:58 +0000 (00:13 -0000)]
move config.h requirement to the actual .depend target rather than the depend alias

19 years agomake sure clean removes objects in subdirs
Mike Frysinger [Sat, 11 Jun 2005 00:12:12 +0000 (00:12 -0000)]
make sure clean removes objects in subdirs

19 years agoneed strings.h for ffs()
Mike Frysinger [Sat, 11 Jun 2005 00:11:46 +0000 (00:11 -0000)]
need strings.h for ffs()

19 years agoonly define some variables if legacy EXT2FS_ENABLE_SWAPFS is enabled
Mike Frysinger [Sat, 11 Jun 2005 00:11:37 +0000 (00:11 -0000)]
only define some variables if legacy EXT2FS_ENABLE_SWAPFS is enabled

19 years agoreplace simple functions with defines
Mike Frysinger [Sat, 11 Jun 2005 00:10:44 +0000 (00:10 -0000)]
replace simple functions with defines

19 years agowhitespace updates
Mike Frysinger [Sat, 11 Jun 2005 00:10:29 +0000 (00:10 -0000)]
whitespace updates

19 years agoreplace functions with defines
Mike Frysinger [Sat, 11 Jun 2005 00:09:46 +0000 (00:09 -0000)]
replace functions with defines

19 years agowhitespace updates
Mike Frysinger [Sat, 11 Jun 2005 00:09:39 +0000 (00:09 -0000)]
whitespace updates

19 years agowhitespace updates
Mike Frysinger [Sat, 11 Jun 2005 00:09:24 +0000 (00:09 -0000)]
whitespace updates

19 years agorecode functions to shrink size
Mike Frysinger [Sat, 11 Jun 2005 00:08:50 +0000 (00:08 -0000)]
recode functions to shrink size

19 years agosetup the HAVE_* defines
Mike Frysinger [Sat, 11 Jun 2005 00:03:13 +0000 (00:03 -0000)]
setup the HAVE_* defines

19 years agoAbout time to just apply this and kill off the patches
Eric Andersen [Thu, 9 Jun 2005 10:16:02 +0000 (10:16 -0000)]
About time to just apply this and kill off the patches

19 years agoTito posted a devfsd error message fix. It's highly deprecated and will
Rob Landley [Tue, 7 Jun 2005 03:47:00 +0000 (03:47 -0000)]
Tito posted a devfsd error message fix.  It's highly deprecated and will
presumably be removed eventually (use udev), but as long as it's in there.

Tito says:

The sense of this patch is to call:
read_config_file_err:
#ifdef CONFIG_DEVFSD_VERBOSE
    msg_logger(((optional ==  0 ) && (errno == ENOENT))? DIE : NO_DIE, LOG_ERR, "read config file: %s: %m\n", path);
#else
    if(optional ==  0  && errno == ENOENT)
        exit(EXIT_FAILURE);
#endif

just after the failure of the  call that set errno ( stat and fopen)
to avoid false error messages.

19 years agoClean up strings.c to use busybox's option processing. Bug 006, apparently.
Rob Landley [Tue, 7 Jun 2005 03:21:20 +0000 (03:21 -0000)]
Clean up strings.c to use busybox's option processing.  Bug 006, apparently.

19 years agoPatch from Dmitry Zakharov:
Rob Landley [Tue, 7 Jun 2005 02:43:52 +0000 (02:43 -0000)]
Patch from Dmitry Zakharov:

Charlie Brady wrote:
> Here's another awk parsing problem - unary post increment - pre is fine:
>
>bash-2.05a$ echo 2,3 | gawk -F , '{ $2++ }'
>bash-2.05a$ echo 2,3 | /tmp/busybox/busybox awk -F , '{ $2++ }'
>awk: cmd. line:1: Unexpected token
>
Here's a fix for this. There is another problem with constructions like
"print (A+B) ++C", I don't
know whether somebody uses such constructions (fixing both these
problems would require very
serious change in awk code).

19 years agoThus spake Brenda J. Butler:
Rob Landley [Tue, 7 Jun 2005 02:40:39 +0000 (02:40 -0000)]
Thus spake Brenda J. Butler:

We were seeing some timeouts when getting files with the busybox tftp
client.

With tcpdump, we saw that the tftp client was receiving blocks and
ack'ing them, but the server was failing to receive the occasional
ack.

When that happened, the server would send the last block over again,
but the tftp client was expecting the next block.

This patch allows the client to recover from this situation
(it sends an ack for the repeat block but does not write it
to the local file).

I hope it meets your approval, please don't hesitate to send
me comments for improvement.

The patch is against "head" in svn, I tested it on an older version
of busybox in our environment.  It applied cleanly to the older
version.

Credit for this goes to my co-worker John McCarthy for finding
it and me for fixing it (assuming it works for everyone else too).

cheerio,
bjb

19 years agoShaun Jackman submitted a patch converting an allocation to use
Rob Landley [Sat, 28 May 2005 23:55:26 +0000 (23:55 -0000)]
Shaun Jackman submitted a patch converting an allocation to use
CONFIG_RESERVE_BUFFER.  (Rob Landley removed an #ifdef, per discussion on
the list.)

19 years agoPatch from Shaun Jackman to save a few bytes.
Rob Landley [Sat, 28 May 2005 23:36:38 +0000 (23:36 -0000)]
Patch from Shaun Jackman to save a few bytes.

19 years agoTobias Krawutschke found a bug where the DHCP client would accept packets
Rob Landley [Thu, 26 May 2005 05:25:12 +0000 (05:25 -0000)]
Tobias Krawutschke found a bug where the DHCP client would accept packets
with the wrong ARP address, meaning we could easily get somebody else's IP.
That is a bad thing, and this is the minimal two-line fix.

19 years agoAdd readprofile applet support.
Paul Mundt [Fri, 20 May 2005 17:22:18 +0000 (17:22 -0000)]
Add readprofile applet support.

19 years agoPatch from Colin Watson (mangled slightly by Rob Landley):
Rob Landley [Wed, 18 May 2005 06:34:37 +0000 (06:34 -0000)]
Patch from Colin Watson (mangled slightly by Rob Landley):

This patch implements the 'T' command in sed. This is a GNU extension,
but one of the udev hotplug scripts uses it, so I need it in busybox
anyway.

Includes a test; 'svn add testsuite/sed/sed-branch-conditional-inverted'
after applying.

19 years agoDoug Swarin pointed out a security bug in the -i option of sed.
Rob Landley [Wed, 18 May 2005 05:56:16 +0000 (05:56 -0000)]
Doug Swarin pointed out a security bug in the -i option of sed.

While the permissions on the temp file are correct to prevent it from being
maliciously mangled by passing strangers, (created with 600, opened O_EXCL,
etc), the permissions on the _directory_ might not be, and we re-open the
file to convert the filehandle to a FILE * (and automatically get an error
message and exit if the directory's read-only or out of space or some such).

This opens a potential race condition if somebody's using dnotify on the
directory, deletes/renames the tempfile, and drops a symlink or something
there.  Somebody running sed -i as root in a world writeable directory could
do damage.

I dug up notes on an earlier discussion where we looked at the security
implications of this (unfortunately on the #uclibc channel rather than email;
I don't have a transcript, just notes-to-self) which pointed out that if the
permissions on the directory allow other people's files to be deleted/renamed
then the original file is vulnerable to sabotage anyway.  However, there are
two cases that discussion apparently didn't take into account:

1) Using another user's permissions to damage files in other directories you
can't access (standard symlink attack).

2) Reading data another user couldn't otherwise access by having the new file
belong to that other user.

This patch uses fdopen to convert the filehandle into a FILE *, rather than
reopening the file.

19 years agouse more busybox functions and remove redundant code
Mike Frysinger [Mon, 16 May 2005 22:35:59 +0000 (22:35 -0000)]
use more busybox functions and remove redundant code

19 years agomake sure we add the local dir to the include path
Mike Frysinger [Mon, 16 May 2005 22:05:07 +0000 (22:05 -0000)]
make sure we add the local dir to the include path