Hello,
I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.
Thanks,
Steve Grubb
Hello,
Last November a bug was found in iproute. CAN-2003-0856 has more information.
Basically, netlink packets can come from any user. If a program performs action
based on netlink packets, they must be examined to make sure they came from the
place they are expected (the kernel).
Attached is a patch against pre8. Please apply this before releasing 1.00 final.
All users of busy box may be vulnerable to local attacks without it.
Best Regards,
Steve Grubb
applet via an alias to id.
- Add G option
- Pedantic option checking
- If effective group and user differs from the real one show both.
id.
- Alias id -Gn to groups applet
1) a non NULL terminated buffer that can mess up output, spotted by Ian
Latter
2) in miscutils/strings.c: get rid of useless pointer dereference in
third part of for(;;), spotted by Larry Doolittle
3) bug when reading from a pipe and being invoked as strings
"cat Readme | strings" is broken
"cat Readme | busybox strings" works
spotted by Ian Latter and fixed by Tito.
Hi,
the following output is from BusyBox 1.0.0-pre10:
~ # ip link help
ip: Command "help" is unknown, try "ip link help".
tk
This patch fixes it by removing the advertisements for
the "ip blah help" stuff that is not implemented.
the _destination_ file. (Ah hah! That works _much_ better...) I
implemented the behavior, I just forgot to test this corner of it. My fault,
sorry...
No, gnu sed -i doesn't preverve ownership information. I checked.
Permissions, yes, ownership info, no.
Rob
that the _only_ change to is that gnu sed has been replaced with busybox sed.
And ncurses' install phase hangs. I trace it down, and it's trying to run
gawk. (Insert obligatory doubletake, but this is FSF code we're talking
about, so...)
It turns out gawk shells out to sed, ala "sed -f /tmp/blah file.h". The
/tmp/blah file is basically empty (it contains one character, a newline). So
basically, gawk is using sed as "cat". With gnu sed, it works like cat,
anyway.
With busybox sed, it tests if its command list is empty after parsing the
command line, and if the list is empty it takes the first file argument as a
sed command string, and if that leaves the file list empty it tries to read
the data to operate on from stdin. (Hence the hang, since nothing's coming
in on stdin...)
It _should_ be testing whether there were any instances of -f or -e, not
whether it actually got any commands. Using sed as cat may be kind of
stupid, but it's valid and gawk relies on this behavior.
Here's a patch to fix it, turning a couple of ints into chars in hopes of
saving a bit of the space this adds. Comments?
Rob
The linux kernel doesnt allow hard links to directories, SUS says its
implementation specific.
cramfs gives empty directories and 0 length files the same node it
makies it difficult to distinguish from hard links.
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
He,
there is a bug in HUSH's handling of "if" / "elif" commands:
$ if true
> then
> echo 1
> elif
> true
> then
> echo 2
> elif
> true
> then
> echo 3
> else
> echo 4
> fi
1
2
3
$
The same bug exists in all versions of HUSH from BB v0.60.x up to and
including v1.00-pre9. The attached patch fixes this:
$ if true
> then
> echo 1
> elif
> true
> then
> echo 2
> elif
> true
> then
> echo 3
> else
> echo 4
> fi
1
$
Best regards,
Wolfgang Denk
Just upgraded from 0.6 to 1.00-pre8
Dot command handling handled args correctly (same as bash) in 0.60,
but failed in 1.00:
I fixed this by reverting the dotcmd function back to previous 0.60
instantiation,
please consider using the older version.
Thanks
Peter
It looks like latest uClibc defines ARCH_HAS_MMU, but a few busybox files
test UCLIBC_HAS_MMU, resulting in vfork() getting called instead of
fork(), etc.
Patch below. Only tested for lash.
Cheers,
-Jamie
Hi.
Last changes (rev 1.12) to recursive_actions() by Christian Grigis
have problem.
Test for demonstrate:
$ mkdir aaa bbb ccc
$ su
# chown root bbb
# chmod 700 bbb
# exit
$ busybox chmod 777 -R .
./bbb: Permision denied
But "./ccc" mode not changed. Previous variant works fine,
errors skiped and continued recursion.
--w
vodz
