sysctl would try to read/write any path you gave it either on
the command line or configuration file. It would append /proc/sys
on the path but not check for any sneaky path traversal with ../
This commit means it first resolves all paths using realpath(3)
and then checks the path starts with "/proc/sys/"
At first I thought this might be a non-issue, but perhaps someone
could put a file into the sysctl configuration path and.. do
something? Anyway it's an 8-line fix and makes things more correct.
References:
#179
Signed-off-by: Craig Small <csmall@dropbear.xyz>
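
The check described in the commit message above, as an added example that is not the procps code: resolve the joined path with realpath(3), then require the canonical result to sit below the canonical base. The names resolve_below, touch and make_sandbox are hypothetical, and a constructed temporary directory stands in for /proc/sys so the example runs anywhere.

```c
#define _XOPEN_SOURCE 700   /* realpath(3), mkdtemp(3) */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Accept base/rel only if its canonical form lies below the canonical base.
 * Returns 0 and fills out[PATH_MAX], or -1 (missing, too long, escapes base). */
int resolve_below(const char *base, const char *rel, char *out)
{
    char joined[PATH_MAX], real_base[PATH_MAX];
    int n = snprintf(joined, sizeof joined, "%s/%s", base, rel);
    size_t blen;

    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;
    if (!realpath(base, real_base) || !realpath(joined, out))
        return -1;
    blen = strlen(real_base);
    /* Compare against "<base>/" so the base itself or "<base>foo" fails. */
    if (strncmp(out, real_base, blen) != 0 || out[blen] != '/')
        return -1;
    return 0;
}

/* Hypothetical helper: create an empty file dir/name. */
static int touch(const char *dir, const char *name)
{
    char p[PATH_MAX];
    FILE *f;
    snprintf(p, sizeof p, "%s/%s", dir, name);
    if (!(f = fopen(p, "w")))
        return -1;
    return fclose(f);
}

/* Constructed tree: <root>/sys/kernel/ostype (inside), <root>/secret (outside). */
int make_sandbox(char *root_tmpl, char *base, size_t base_sz)
{
    char kdir[PATH_MAX];
    if (!mkdtemp(root_tmpl))
        return -1;
    snprintf(base, base_sz, "%s/sys", root_tmpl);
    snprintf(kdir, sizeof kdir, "%s/kernel", base);
    if (mkdir(base, 0700) || mkdir(kdir, 0700))
        return -1;
    return (touch(kdir, "ostype") || touch(root_tmpl, "secret")) ? -1 : 0;
}

int main(void)
{
    char root[] = "/tmp/sysctl_demo_XXXXXX", base[PATH_MAX], out[PATH_MAX];
    if (make_sandbox(root, base, sizeof base)) return 1;
    printf("kernel/ostype: %d\n", resolve_below(base, "kernel/ostype", out));
    printf("../secret:     %d\n", resolve_below(base, "../secret", out));
    return 0;
}
```

Comparing against the base plus a trailing slash matters: a bare prefix match on "/proc/sys" would also accept a sibling such as "/proc/sysfoo".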
As we're using buffered I/O when writing kernel parameters, write errors
may get delayed until we close the `FILE` stream. As we are currently
outputting the key that is to be set disregarding the return value of
`close_stream`, we may end up in a situation where we report error and
success:
$ sysctl kernel.printk_ratelimit=100000000000000
sysctl: setting key "kernel.printk_ratelimit": error code 22
kernel.printk_ratelimit = 100000000000000
Fix the issue by only outputting the updated value in case
`close_stream` does not report an error.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
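
The ordering problem described in the commit message above, as an added example that is not the procps code: with a buffered stream the write error may only surface at close time, so the "key = value" confirmation is printed only after the close has succeeded. set_param is a hypothetical name, fclose() stands in for the close_stream the message mentions, and /dev/full and /dev/null are used as constructed targets.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Write "value\n" to path through a buffered FILE stream.
 * Returns 0 only when both the write and the close succeeded; the
 * confirmation line is printed after the close, never before it. */
int set_param(const char *path, const char *key, const char *value)
{
    FILE *fp = fopen(path, "w");
    int rc = 0;

    if (!fp) {
        fprintf(stderr, "cannot open \"%s\": %s\n", path, strerror(errno));
        return -1;
    }
    /* With stdio buffering this usually only fills the buffer, so it can
     * succeed even though the later write(2) will be rejected. */
    if (fprintf(fp, "%s\n", value) < 0)
        rc = -1;
    /* The flush happens here (stand-in for close_stream). */
    if (fclose(fp) != 0)
        rc = -1;
    if (rc != 0) {
        fprintf(stderr, "setting key \"%s\": %s\n", key, strerror(errno));
        return -1;
    }
    printf("%s = %s\n", key, value);
    return 0;
}

int main(void)
{
    /* /dev/full can be opened but fails every write with ENOSPC. */
    int bad = set_param("/dev/full", "demo.key", "1");
    int good = set_param("/dev/null", "demo.key", "1");
    return !(bad == -1 && good == 0);
}
```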
--------------- Original Master Branch Commit Message:
Changed "a variables" to "the given variable(s)"
References:
procps-ng/procps#84
Signed-off-by: Jim Warner <james.warner@comcast.net>
Now that the procio logic was removed from the library
we must move the header file, lest we break make dist.
In the process, we will relocate that source file too.
[ we'll take a slightly different approach than that ]
[ used under the master branch by exploiting those 2 ]
[ non-library directories 'include' and 'lib', while ]
[ avoiding any sysctl hard coded function prototype. ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
thereby use one allocated buffer for I/O which now might
be increased by the stdio function getline(3) on the
file if required.
Signed-off-by: Werner Fink <werner@suse.de>
by using getline(3) to use a dynamically increased buffer
if required by the input found in sysctl configuration files.
Signed-off-by: Werner Fink <werner@suse.de>
The commit referenced below put a setvbuf() before checking what
fopen() returned. If the file could not be opened then the file
handle was NULL and setvbuf() crashed.
setvbuf() is now called after checking what fopen() returns and only
when it was successful.
References:
procps-ng/procps#76
commit 58ae084c2737cdee395915d45dbcb364648ac615
read huge information at once as otherwise all files below
/proc/sys, not using the seq_file API at the kernel side,
will return EOF on a second read.
Signed-off-by: Werner Fink <werner@suse.de>
as well do not open /proc/sys files if only the names of the
system control names of the kernel parameters should be shown.
Avoid leaking tmpname in case of a pattern mismatch.
Signed-off-by: Werner Fink <werner@suse.de>
index() is a legacy function, which is no longer implemented by all C
libraries (example: uClibc). Instead, use the POSIX defined strchr()
function.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
sysctl --system fails when the file /etc/sysctl.conf doesn't
exist. This happens due to a wrong check of the stat(2) return code.
Reference:
https://www.freelists.org/post/procps/sysctl
Signed-off-by: Craig Small <csmall@enc.com.au>
This commit properly resolves the merge conflict
caused by the following two commits:
fb6d4e6cb42ffacfbe300021f062b5057ba7015d
f8128568d671d2c07b7d2faf0bc399fb9b7bd69e
GLOB_TILDE is a GNU extension and may not be present on all systems.
Note (jcapik): The original patch from Michael Forney didn't
apply cleanly due to my recent addition of the GLOB_BRACE flag
in the list of flags. I had to edit the patch to make it apply,
but that produces an inconsistent state. It's gonna be fixed
in the next commit.
This commit adds the GLOB_BRACE flag in the glob flags.
That allows to expand the csh style braces {a,b} and
define multiple independent patterns for config file
locations.
I ran into this limit with net.ipv4.ip_local_reserved_ports ,
sysctl complained about the line after the long line, further
slowing down my error hunting.
Due to fgets usage, increase buffer size to 4096 chars with
minimum amount of code changes.
Signed-off-by: Sami Farin <hvtaifwkbgefbaei@gmail.com>
Commit cdca71e94506fbb921ab2c626be3ad05c4287498 fixed
the loading of the sysctl.conf file, but had the logic
for checking the file exists reversed incorrectly.
To assist the translators, each option is a separate string.
This means if we add/change/delete an option the remaining ones
will just keep working and only the impacted option needs some
translation work on it.
Gilles brought up a warning message in sysctl.c
sysctl.c: In function 'main':
sysctl.c:767: warning: value computed is not used
The return value of Preload was not being applied correctly to ret
meaning sysctl would not return the correct value.
Reference: http://www.freelists.org/post/procps/procpsng-337,18
Signed-off-by: Craig Small <csmall@enc.com.au>
For portability, check for program_invocation_name during configure and
define HAVE_PROGRAM_INVOCATION_NAME accordingly. Use of this symbol is
now enclosed with the appropriate #ifdef block.
The symbol program_invocation_name is only used for error message
handling using error(), so it's safe to omit this if it is not
available.
sysctl.c:293:5: warning: no previous declaration for 'is_deprecated' [-Wmissing-declarations]
sysctl.c:472:58: warning: declaration of 'pattern' shadows a global declaration [-Wshadow]
sysctl.c:67:14: warning: shadowed declaration is here [-Wshadow]
sysctl.c:650:7: warning: variable 'SwitchesAllowed' set but not used [-Wunused-but-set-variable]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Commit e01765d30b7c4767868d5379fbfb36d1dc15eba4 added is_deprecated(), which
crashed when user had input without /proc/sys/ subdirectory. The below
should illustrate how exactly the bug got to be triggered.
$ cat ~/foo
cause = crash
$ ./sysctl -p ~/foo
Segmentation fault
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The previous version of sysctl had the form:
sysctl -p [file]
In other words, it required a space between the -p and the [file].
Omitting the space would lead to an error.
The new version though is the opposite:
sysctl -p[file]
In other words, it requires there to not be a space.
Considering the old behavior has been around for a decade, and runtime
checking for this mismatch in behavior is silly, and supporting the old
syntax is trivial, add support for it.
When '-p regexp' is glob is used to make regular expression to be
expanded to argument list, which also means that -p option will
allow multiple files being specified as input.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
There's an off-by-one error in the count (".conf" is 5 bytes, not 6),
and the logic is inverted for the strcmp return value -- we want to
skip the files when they *don't* end in .conf, not when they *do*.
Also fix the off-by-one len check.
Bug-Debian: http://bugs.debian.org/669128
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The stdbool.h header is part of C99 and has been usable on systems for
more than a decade. Let's drop these manual hacks.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
If stream status is not checked at the end of execution below problem
would not report error, or non-zero exit code. The uptime is just an
example; the same was true with all commands of the project.
$ uptime >&- ; echo $?
uptime: write error: Bad file descriptor
1
$ uptime >/dev/full ; echo $?
uptime: write error: No space left on device
1
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Any key=value pairs following the first one are dropped after
commit 81df8e26300b35968e3702decc02e9413d5389fc, due to changing
from the while loop to using getopt.
Broken behavior:
sysctl net.ipv6.conf.tun0.optimistic_dad net.ipv6.conf.tun0.mc_forwarding
net.ipv6.conf.tun0.optimistic_dad = 0
Good behavior:
sysctl net.ipv6.conf.tun0.optimistic_dad net.ipv6.conf.tun0.mc_forwarding
net.ipv6.conf.tun0.optimistic_dad = 0
net.ipv6.conf.tun0.mc_forwarding = 0
Reference: http://www.freelists.org/post/procps/BUG-Commit-81df8e2-allows-only-one-keyvalue-arg
Reported-By: Sven Ulland <sveniu@opera.com>
Signed-off-by: Jim Warner <james.warner@comcast.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Strings with lower caps & no trailing dots have greater chance to
have multiple occurrences, meaning less effort for translators, than
strings with them.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
err and warn are BSD format but they are not recommended by library
developers. However their conciseness is useful!
The solution is to use some macros that create xerr etc which then
just map to the error() function. The next problem is error() uses
program_invocation_name so we set this to program_invocation_short_name
This is a global set but seems to be the convention (or at least errors
are on the short name only) used everywhere else.
Pattern matching support in `sysctl: implement --pattern option'
commit did not work when variable path was defined, for example
$ sysctl net.ipv4 -r arp.ignore
gave no output. Reason being was that the pattern was matched against
the specified argument and not the output variable list.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Add the following three functions to most of the commands.
setlocale (LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
Reference: http://www.freelists.org/post/procps/backporting,1
Reported-by: Jim Warner <james.warner@comcast.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
For some reason sysctl earlier allowed quite strange separators.
% sysctl kernel./.pty.nr
kernel./.pty.nr = 6
% sysctl kernel///pty//////////nr
kernel...pty..........nr = 6
This commit does not disallow that sort of constructs, but will warn
about them. In future disallowing these might be reasonable thing to
do.
% sysctl kernel./.pty.nr
sysctl: separators should not be repeated: ./.pty.nr
kernel./.pty.nr = 6
Signed-off-by: Sami Kerola <kerolasa@iki.fi>