Commit Graph

15 Commits

Author SHA1 Message Date
Rob Landley
60158cb93e A patch from Takeharu KATO to update/fix SE-Linux support. 2005-05-03 06:25:50 +00:00
Eric Andersen
52499cb9ae Tito writes:
Hi,
I've spent the half night staring at the devilish  my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've  found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and  logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
     false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
     The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
     Maybe this buffers can be reduced a bit  ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
     size busybox
       text    data     bss     dec     hex filename
     239568    2300   36816  278684   4409c busybox
    size busybox_fixed
       text    data     bss     dec     hex filename
     239616    2300   36816  278732   440cc busybox
7) The behaviour of whoami changed:
    actually it  prints out an username cut down to the size of the buffer.
    This could be fixed by increasing the size of the buffer as in id.c or
    avoid the use of my_getpwuid and use getpwuid directly instead.
    Maybe this colud be also remain unchanged......

Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
2004-08-26 22:18:59 +00:00
Eric Andersen
242ab83499 Teach busybox ps to get the correct uid when displaying stuff 2004-01-27 20:17:39 +00:00
Glenn L McGrath
a1e4a0ef67 Patch from Atsushi Nemoto, recent MIPS kernel headers
does not provide PAGE_SHIFT for userland (because now mips-linux kernel
supports PAGESIZE other than 4K).
2004-01-21 11:36:44 +00:00
Eric Andersen
0933a92f5a bother. It seems I can't read. 2003-12-20 10:23:28 +00:00
Eric Andersen
f295b5a408 doh! 2003-12-20 09:17:50 +00:00
Eric Andersen
a8d82fe52e Try to accomodate systems that do not define PAGE_SHIFT 2003-12-20 07:26:10 +00:00
Eric Andersen
9e48045e45 Patch from Russell Coker:
I've attached my latest SE Linux patch for busybox against the latest CVS
    version of busybox.
2003-07-03 10:07:04 +00:00
Eric Andersen
fab3e12cec Skip printing "/proc/%d/cmdline" stuff when it is not relevant 2003-05-26 18:07:30 +00:00
Manuel Novoa III
cad5364599 Major coreutils update. 2003-03-19 09:13:01 +00:00
Eric Andersen
deca106b6d Kill CONFIG_FEATURE_USE_DEVPS_PATCH and the devps patch. I'm not
maintaining it anymore, and it is now terribly out of date.
 -Erik
2002-12-05 07:24:08 +00:00
Glenn L McGrath
09adaca37d last_patch_69, 8 bit clean and other fixes from Vladimir N. Oleynik 2002-12-02 21:18:10 +00:00
Glenn L McGrath
393ad1a834 Handle name entries that have a \0 in them, last_patch_65 from Vladimir N. Oleynik 2002-11-25 22:31:37 +00:00
Glenn L McGrath
7b1eca265a include libbb after stdlib.h as it breaks dmalloc 2002-11-24 01:32:56 +00:00
Eric Andersen
44608e9693 Patch last_pach62 from vodz. This patch moves all the /proc parsing
code into libbb so it can be shared by ps, top, etc, saving over 1.5k.
2002-10-22 12:21:15 +00:00