On some systems like Chromium OS, loading modules from non-verified
filesystems is denied. Only finit_module is allowed because an open
fd is passed which can be checked against a verified location.
Change the module loading code to first attempt finit_module and if
that fails for whatever reason, fall back to the existing logic.
On x86_64, this adds ~80 bytes to modutils/modutils.o and ~68 bytes
to modutils/modprobe-small.o.
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is only necessary if we use stdout fd.
function old new delta
less_exit 32 51 +19
less_main 2540 2543 +3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 22/0) Total: 22 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Currently some new devices that have a bus but no class will
be missed by mdev coldplug device creation after boot. This
happens because mdev recursively searches /sys/class which will
by definition only find class devices.
Some important devices such as iio and gpiochip does not have
a class. But users will need them.
This switches from using /sys/class as the place to look for
devices to create to using /sys/dev where all char and block
devices are listed.
The subsystem lookup code that provide the G.subsystem
environment variable is changed from using the directory
name of the class device to instead dereference the
"subsystem" symlink for the device, and look at the last
element of the path of the symlink for the subsystem, which
will work with class devices and bus devices alike. (The new
bus-only devices only symlink to the /sys/bus/* hierarchy.)
We delete the legacy kernel v2.6.2x /sys/block device path
code as part of this change. It's too old to be kept alive.
Tested on kernel v4.6-rc2 with a bunch of devices, including
some IIO and gpiochip devices.
With a print inserted before make_device() the log looks
like so:
Create device from "/sys/dev/char/1:1", subsystem "mem"
Create device from "/sys/dev/char/1:2", subsystem "mem"
Create device from "/sys/dev/char/1:3", subsystem "mem"
Create device from "/sys/dev/char/1:5", subsystem "mem"
(...)
Create device from "/sys/dev/block/179:56", subsystem "block"
Create device from "/sys/dev/block/179:64", subsystem "block"
function old new delta
mdev_main 1388 1346 -42
dirAction 134 14 -120
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-162) Total: -162 bytes
Cc: Isaac Dunham <ibid.ag@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If a non-starttls helper is in use, initial 220 response is processed by us,
not by helper.
Some servers consider us to be a spammer if we don't wait for it.
It is not in protocol, but it is a real-life problem.
The workaround in this patch is a magic envvar, $SMTP_ANTISPAM_DELAY:
...
-H 'PROG ARGS' Run connection helper. Examples:
openssl s_client -quiet -tls1 -starttls smtp -connect smtp.gmail.com:25
openssl s_client -quiet -tls1 -connect smtp.gmail.com:465
$SMTP_ANTISPAM_DELAY: seconds to wait after helper connect
...
By using it, people can tweak sendmail behavior even if sendmail invocation
is buried in some scripts.
function old new delta
packed_usage 30464 30497 +33
sendmail_main 1185 1206 +21
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 54/0) Total: 54 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Lauri Kasanen:
:: Over at TinyCore, we receive a huge number of questions of the type "I
:: got "short write", what does it mean?". Mostly for the rpi port and when
:: using bb wget.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The udhcpc script may be used to setup fallback configuration (E.G. IPv4LL,
fixed IP address, ..) that also needs to be cleaned up on release (E.G.
when SIGUSR2 is called or on shutdown with -R), so unconditionally call
deconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Conditional rewrite can keep NUM_APPLETS.h mtime old,
this causes make to try to regenerate it at every invocation.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
"Total allocated sectors 2021315 greater than the maximum 2020356"
maximum what?
Turns out, that's the CHS size of the disk.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Before:
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 998 255471+ 6 FAT16
What are "blocks"? What is that "+"?
How big is this partition?
Is start/end shown came from LBA fields or CHS fields?
Why are we torturing the user??
After:
Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type
/dev/sdb1 * 0,1,1 996,15,32 32 510974 510943 249M 6 FAT16
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The filenames in docs/keep_data_small.txt are a little bit outdated.
It's better to change it to the current name.
decompress_unzip.c -> decompress_gunzip.c
(since commit 774bce8e8b)
libbb/messages.c -> libbb/ptr_to_globals.c
(since commit 574f2f4394)
Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We set all opened script fds to CLOEXEC, thus making then go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.
For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:
lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3
lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script
lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
...
with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some user managed to hit a race where iface is gone between SIOCGIFFLAGS
and SIOCSIFFLAGS (!). If SIOCSIFFLAGS fails, treat it the same as failed
SIOCGIFFLAGS
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fix broken logic to get the gzip_level_config value from options -1 to
-9.
This fixes an off-by-one bug that caused gzip -9 output bigger files
than the other compression levels.
It fixes so that compression level 1 to 3 are actually mapped to level 4
as comments say.
It also fixes that levels -4 to -9 is mapped to correct level and avoids
out-of-bounds access.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is necessary for multi-hosted TLSed web sites.
function old new delta
spawn_https_helper_openssl 334 441 +107
Based on a patch by Jeremy Chadwick <jdc@koitsu.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>