Hello,
Last November a bug was found in iproute. CAN-2003-0856 has more information.
Basically, netlink packets can come from any user. If a program performs actions
based on netlink packets, they must be examined to make sure they came from the
place they are expected (the kernel).
Attached is a patch against pre8. Please apply this before releasing 1.00 final.
All users of BusyBox may be vulnerable to local attacks without it.
Best Regards,
Steve Grubb
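
The origin check the message above calls for, as an added example; this is not the attached patch or BusyBox code. The function names are hypothetical, and the sketch assumes Linux, where the kernel's netlink source address has nl_pid == 0.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* Hypothetical helper: return 1 only when the source address filled in by
 * recvmsg() is a complete sockaddr_nl whose port id is 0 (the kernel).
 * Any other nl_pid means another local process sent the datagram. */
int nl_sender_is_kernel(const struct msghdr *msg)
{
    struct sockaddr_nl src;

    if (msg->msg_name == NULL || msg->msg_namelen != sizeof(src))
        return 0;                       /* no address, or wrong size */
    memcpy(&src, msg->msg_name, sizeof(src));
    if (src.nl_family != AF_NETLINK)
        return 0;
    return src.nl_pid == 0;
}

/* Hypothetical wrapper: receive one netlink datagram.
 * Returns its length when it came from the kernel, 0 when it must be
 * ignored (sent by a user process), -1 on error or truncation. */
ssize_t nl_recv_from_kernel(int fd, void *buf, size_t len)
{
    struct sockaddr_nl src;
    struct iovec iov;
    struct msghdr msg;
    ssize_t n;

    memset(&src, 0, sizeof(src));
    memset(&msg, 0, sizeof(msg));
    iov.iov_base = buf;
    iov.iov_len = len;
    msg.msg_name = &src;                /* ask the kernel for the sender */
    msg.msg_namelen = sizeof(src);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    n = recvmsg(fd, &msg, 0);
    if (n < 0 || (msg.msg_flags & MSG_TRUNC))
        return -1;
    if (!nl_sender_is_kernel(&msg))
        return 0;                       /* drop before parsing any nlmsghdr */
    return n;
}
```

The sender test runs before any nlmsghdr in the buffer is parsed, so a message from another local process never reaches the code that acts on it.
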
Hi,
the following output is from BusyBox 1.0.0-pre10:
~ # ip link help
ip: Command "help" is unknown, try "ip link help".
tk
This patch fixes it by removing the advertisements for
the "ip blah help" stuff that is not implemented.
Another issue I found was with the iproute utility. While using another
program I found that it failed because the "ip route del" command was
not found. I looked at the full iproute implementation and this command
exists. The busybox version has the "ip route delete" command. I have
created a patch which makes the "ip route del" command an alias to the
"ip route delete" command.
the arguments it consumed, which means the calling function encountered
them as well. As a result, a command like "ip -6 addr" was yielding a usage
error." - Philip Blundell
I'm building BusyBox using a development kit for MontaVista Hardhat Linux
(PPC) -- which, at least in this instance, is based around kernel 2.2.14.
I've had to massage a few files in networking/libiproute/ to make it
compile. Specifically:
(1) Added a #include <sys/uio.h> for the iovec structure in
    libnetlink.c,
(2) Put ifdefs in ll_types.c and ll_proto.c around various
    constants (ETH_P_xxx and ARPHRD_xxx) that weren't defined,
(3) Made do_changename() in iplink.c require a kernel >=
    2.4.0 -- the ifr structure in my environment doesn't
    have the ifr_name attribute. I've assumed this is
    a kernel dependency -- let me know if I ought to be
    checking something else.
    In the absence of the correct kernel, do_changename()
    always returns 0.
Attached is a patch against the current CVS that will make these changes.
-- Lars
- ip route flush
- different usage for telnetd in inetd mode
- changes for the default flags of the ip features
- if no /usr requested, udhcpc should use the script also without /usr.