Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Alina Friedrichsen
Hi!

 The correct syntax is [ -n "${var}" ] (notice the quotes).
 Thanks to Vasilis.

A security notice:
Don't use more than one expression in one test call.
Use two test calls instead:

if [ -z "$x" ] && [ -z "$y" ]; then
echo x and y are empty
fi

if [ -z "$x" ] || [ -z "$y" ]; then
echo x or y is empty
fi

If more than one expression is done with test, the comparison is exploitable. 
It's a design error of the UNIX shell and can't be fixed.

Regards
Alina
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] etherwake configuration, not working on eth0

2009-07-19 Thread Matthias Buecher / Germany

Matthias Maddes Bücher
http://www.maddes.net/
Home: Earth / Germany / Ruhr-Area

On 18.07.2009 21:33, Matthias Buecher / Germany wrote:
 Hi everybody,
 
 I just found out that etherwake and busybox's ether-wake are not working
 with the default interface eth0, but with br-lan.
 This is on a WRT350Nv2 with Marvell Orion CPU.
 
 Now my questions:
 #1
 Is this a WRT350Nv2 / Marvell Orion specific issue?
 Or is br-lan the right interface for all builds of Kamikaze 8.09 to
 broadcast magic packets?
 
 #2
 If br-lan is the way to go, can the default interface be changed by a
 configuration variable (didn't see any)?
 Otherwise I will create some patches to solve it.

I'm done creating the patches for etherwake and busybox's ether-wake to
use br-lan as a default.
But can somebody confirm that br-lan is also a working interface for
other devices or Kamikaze 8.09 in general?

#3
Also send a patch to the X-Wrt developers to support interfaces on their
WoL page in their web front-end for OpenWrt.

Maddes



Re: [OpenWrt-Devel] etherwake configuration, not working on eth0

2009-07-19 Thread Malte S. Stretz
On Sunday 19 July 2009 13:27:47 Matthias Buecher / Germany wrote:
[...]
 I'm done creating the patches for etherwake and busybox's ether-wake to
 use br-lan as a default.
 But can somebody confirm that br-lan is also a working interface for
 other devices or Kamikaze 8.09 in general?

Kamikaze sets up the lan interface as a bridge by default, so your patch 
should work.  But it will probably break as soon as somebody changes the 
interface config.

And even if eth0 is bridged, etherwake should work on the base device eth0 as 
well if I'm not mistaken.

Anyway, if it doesn't work for you, I guess the best way to handle this is by 
doing something like this in the scripts which use etherwake:

. /etc/functions.sh
include /lib/network
DEFAULT_IFACE=lan
scan_interfaces
config_get iface $DEFAULT_IFACE ifname
etherwake -i "$iface" "$@"

The $DEFAULT_IFACE could be made configurable.

Cheers,
Malte



Re: [OpenWrt-Devel] etherwake configuration, not working on eth0

2009-07-19 Thread Malte S. Stretz
On Sunday 19 July 2009 14:22:38 Matthias Buecher / Germany wrote:
 On 19.07.2009 13:52, Malte S. Stretz wrote:
  On Sunday 19 July 2009 13:27:47 Matthias Buecher / Germany wrote:
  [...]
 
  And even if eth0 is bridged, etherwake should work on the base device
  eth0 as well if I'm not mistaken.
 
  Anyway, if it doesn't work for you, I guess the best way to handle this
  is by doing something like this in the scripts which use etherwake:
 
   . /etc/functions.sh
   include /lib/network
   DEFAULT_IFACE=lan
   scan_interfaces
   config_get iface $DEFAULT_IFACE ifname
   etherwake -i "$iface" "$@"
 
  The $DEFAULT_IFACE could be made configurable.

 For my private script I currently use the following code, which works
 great. As I'm the only user of the script, a simple env var is good enough.
 [...]

Try the attached script :)

Cheers,
Malte



[Attachment: uciwol (application/shellscript)]


Re: [OpenWrt-Devel] etherwake configuration, not working on eth0

2009-07-19 Thread Matthias Buecher / Germany
On 19.07.2009 13:52, Malte S. Stretz wrote:
 On Sunday 19 July 2009 13:27:47 Matthias Buecher / Germany wrote:
 [...]
 And even if eth0 is bridged, etherwake should work on the base device eth0 as 
 well if I'm not mistaken.

 Anyway, if it doesn't work for you, I guess the best way to handle this is by 
 doing something like this in the scripts which use etherwake:
 
 . /etc/functions.sh
 include /lib/network
 DEFAULT_IFACE=lan
 scan_interfaces
 config_get iface $DEFAULT_IFACE ifname
 etherwake -i "$iface" "$@"
 
 The $DEFAULT_IFACE could be made configurable.

For my private script I currently use the following code, which works
great. As I'm the only user of the script, a simple env var is good enough.

EWIF='br-lan'

# find program
FOUND=0
for EWCMD in 'ether-wake' 'etherwake' 'wol'
 do
  [ -z "$(which "${EWCMD}")" ] && continue
  FOUND=1
  break
done
# exit if not found
if [ ${FOUND} -eq 0 ]
 then
  echo "No etherwake program available (use opkg install etherwake)"
  exit 1
fi

# issue program (EWMAC, the MAC address to wake, is taken from the environment)
echo 'Waking up PC, please wait...'
echo "...using ${EWCMD}${EWIF:+ -i ${EWIF}} ${EWMAC}"
${EWCMD}${EWIF:+ -i ${EWIF}} ${EWMAC}
RC=$?
if [ ${RC} -ne 0 ]
 then
  echo "${EWCMD} returned error code ${RC}"
  exit 1
fi


Maddes


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Alina Friedrichsen
Hi!

 Could you quote an example or deliver an exploit? 

An example for bash:

if [ -z "$do_login" -o "$user" != 'foo' -o "$password" != 'bar' ]; then
echo login faild
else
echo login success
fi

Normal:
http://[...]/[...]?do_login=1&user=foo&password=unknown
Output:
login faild

Exploit:
http://[...]/[...]?do_login==&user=foo&password=unknown
Output:
bash: [: too many arguments
login success

Regards
Alina


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Bud
well I double-checked it .. and while you are right on the checked input, I am 
sure that 

if [ -z "=" ] ...

shouldn't throw an error .. I also tried simple quotes (') 

On the other hand, you are right, no security issue. Because the right way to 
authenticate of course would be..

if [ ! -z "$do_login" -a "$user" == 'foo' -a "$password" == 'bar' ]; then
   echo login success
else
   echo login failed
fi

and this wouldn't be flawed by the error. I am still not sure if this is meant 
to be. 
@Alina: Do you have reason to believe this isn't a bug? If yes, why.

... bud

#
Warren Turkal wrote:
 That example is more of an example of unsanitized input and improper error
 checking. While it is a common problem with shell, I don't see how it
 relates to the claim made earlier. Is there a better example that doesn't
 rely on the user providing unchecked input? Maybe that example would make it
 clear to me.
 
 Warren Turkal
 Linux Enthusiast and Libre Software Advocate
 
 On Jul 19, 2009 7:09 AM, Alina Friedrichsen x-al...@gmx.net wrote:
 
 Hi!
 
 Could you quote an example or deliver an exploit?
 An example for bash:
 
 if [ -z "$do_login" -o "$user" != 'foo' -o "$password" != 'bar' ]; then
 echo login faild
 else
 echo login success
 fi
 
 Normal:
 http://[...]/[...]?do_login=1&user=foo&password=unknown
 Output:
 login faild
 
 Exploit:
 http://[...]/[...]?do_login==&user=foo&password=unknown
 Output:
 bash: [: too many arguments
 login success
 
 Regards
 Alina
 
 
 
 
 


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Warren Turkal
That example is more of an example of unsanitized input and improper error
checking. While it is a common problem with shell, I don't see how it
relates to the claim made earlier. Is there a better example that doesn't
rely on the user providing unchecked input? Maybe that example would make it
clear to me.

Warren Turkal
Linux Enthusiast and Libre Software Advocate

On Jul 19, 2009 7:09 AM, Alina Friedrichsen x-al...@gmx.net wrote:

Hi!

 Could you quote an example or deliver an exploit?
An example for bash:

if [ -z "$do_login" -o "$user" != 'foo' -o "$password" != 'bar' ]; then
   echo login faild
else
   echo login success
fi

Normal:
http://[...]/[...]?do_login=1&user=foo&password=unknown
Output:
login faild

Exploit:
http://[...]/[...]?do_login==&user=foo&password=unknown
Output:
bash: [: too many arguments
login success

Regards
Alina


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Jo-Philipp Wich

Hi.

I too still fail to see what the actual problem is. The test utility does
exactly what it's supposed to do.

Of course if you're using a poor method to parse the query string and
then pass the bits unchecked to test it could result in some weird
side effects.

I was once bitten by that, we spent hours to find a reasonably secure
approach to parse query strings with bash, only to find later that it
was easy to circumvent by setting IFS via the url. So we extended the
function to skip IFS, only to see that ...I\FS=... works too... d'oh.

Conclusion: Use a better tool (tm) for the job, always prefix vars to
avoid the possibility of polluting your current namespace, perform careful
input checking.

~ JoW


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Bud

 I too still fail to see what's the actual problem. The test utility does
 exactly what it's supposed to do.
 

in this case 

[ -z "=" ] shouldn't result in ./test.sh: line 6: [: too many arguments

apart from this bug? I still see no problem .. bud




Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Alina Friedrichsen
Hello!

 well I double-checked it .. and while you are right on the checked input, I
 am sure that 
 
 if [ -z "=" ] ...
 
 shouldn't throw an error .. I also tried simple quotes (') 

Yes, only one expression is no problem in all shell implementations I have 
tested.

 On the other hand, you are right no security issue.

That depends on the situation where the comparison is done.

 Because the right way
 to authenticate of course would be..

Both ways are right, yours is only more common.

 and this wouldn't be flawed by the error. I am still not sure, if this is
 meant to be. 

The error handling of the shell interpreters is different, so you can't rely 
on that.

 @Alina: Do you have reason to believe this isn't bug? If yes, why.

What isn't a bug? It's a design error. You can't implement a shell 
interpreter that is compatible with the current syntax and doesn't have the 
problem that you can inject an expression with the value argument. It's like 
strcpy() in C.

Regards
Alina


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Bud
Alina Friedrichsen wrote:
 Hello!
 
 well I double-checked it .. and while you are right on the checked input, I
 am sure that 

 if [ -z "=" ] ...

 shouldn't throw an error .. I also tried simple quotes (') 
 
 Yes, only one expression is no problem in all shell implementations I have 
 tested.

you are right here .. I missed that

if [ ! -z "$do_login" ] && [ "$user" == 'foo' -a "$password" == 'bar' ]; then

works, while

if [ ! -z "$do_login" -a "$user" == 'foo' -a "$password" == 'bar' ]; then

throws the error if do_login='='

 
 @Alina: Do you have reason to believe this isn't bug? If yes, why.
 
 What isn't a bug? It's a design error. You can't implement a shell 
 interpreter that is compatible with the current syntax and doesn't have the 
 problem that you can inject an expression with the value argument. It's like 
 strcpy() in C.
 

Sorry, I only see that test obviously handles one and the same situation 
differently, or rather dies with a syntax error in one case. I am sure this is 
not supposed to happen. 

.. bud




Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Alina Friedrichsen
Hello!

 I too still fail to see what's the actual problem. The test utility does
 exactly what it's supposed to do.
 
 Of course if you're using a poor method to parse the query string and
 then pass the bits unchecked to test it could result in some weird
 side effects.

test is one of the main functions to check user input in this script language. 
There aren't many alternatives to it.

 in this case 
 
 [ -z "=" ] shouldn't result in ./test.sh: line 6: [: too many arguments
 
 apart from this bug? I still see no problem .. bud

The test function can't know what you mean if you have more than one 
expression.

With
[ -n = -a #[...]
you can mean either:

1. if the string = is non-empty and something else is true
or
2. if the string -n is equal to the string -a

The function can't find out which expression you want. It can't tell a 
variable from a meta character.

If you only use one expression per test call, then the tool can use the 
argument count to find out which expression you want. bash, dash and 
BusyBox ash do so.

Regards
Alina


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Alina Friedrichsen
Hi!

 Thanks for explaining.. this makes perfect sense and would be right if
 the metacharacter hadn't been enclosed in quotes. This should help the
 interpreter on its feet again.. shouldn't it?

No, the test utility or its alias [ is designed as a normal external command 
like every other command line tool in UNIX.

instead of
x='='
if [ -n "$x" ]; then
true
fi
you can write
x='='
if /usr/bin/test -n "$x"; then # or maybe /bin/test
true
fi

The quotes aren't passed to it, just like with every other command line tool.

There are 2 arguments, argument 1 is -n and argument 2 is =, that is all the 
information that is passed to test, no quotes.

Regards
Alina


Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Staněk Luboš (lubek)

Hi all,

Alina Friedrichsen wrote:

Hi!


The correct syntax is [ -n "${var}" ] (notice the quotes).
Thanks to Vasilis.


A security notice:


It can become a security issue when any function is wrongly used in a security 
context.
I would mark this one only as a general warning.


Don't use more than one expression in one test call.


You can freely use test concatenated by logical operators if you know how the 
used shell handles them and prevent the wrong behavior by protecting variables. 
It is just not portable.


Use two test calls instead:

if [ -z "$x" ] && [ -z "$y" ]; then
echo x and y are empty
fi


For example:
if [ "x$x" = x -a "x$y" = x ] ; then
or
if [[ -z $x && -z $y ]] ; then ## in bash
would do the same thing but either way is not portable (-a and [[).



if [ -z "$x" ] || [ -z "$y" ]; then
echo x or y is empty
fi

If more than one expression is done with test, the comparison is exploitable.
It's a design error of the UNIX shell and can't be fixed.


I would not dare to say "the one UNIX shell". There are many shells. And every 
one of them has its own issues or quirks or exceptions.
Busybox (the original complaint was targeted to it) claims POSIX compliance 
and it should handle -z/-n tests properly but the result is the same as in 
bash. The good way to handle it safely is to use portable expressions.

Some of them are well documented differences; you can look at the Autoconf 
manual. It has had to handle them to become a really multiplatform tool.
See for example: 
http://www.gnu.org/software/autoconf/manual/html_node/Limitations-of-Builtins.html#index-g_t_0040command_007btest_007d-1431



Regards
Alina


Best regards,
Lubos



Re: [OpenWrt-Devel] -n comparison not working in Busybox 1.13.4

2009-07-19 Thread Aleksandar Radovanovic
Hi all,

A common workaround for this is to use

[ "x$var" == x ] instead of [ -z "$var" ]

and

[ "x$var" != x ] instead of [ -n "$var" ]

which doesn't exhibit the mentioned problem.

Regards,
Aleksandar

Alina Friedrichsen wrote:
 Hi!

   
 Thanks for explaining.. this makes perfectly sense and would be right if
 the metacharacter hadn't been enclosed in quotes. This should help the
 interpreter on its feet again.. shouldn't it?
 

 No, the test utility or its alias [ is designed as a normal external command 
 like every other command line tool in UNIX.

 instead of
 x='='
 if [ -n "$x" ]; then
 true
 fi
 you can write
 x='='
 if /usr/bin/test -n "$x"; then # or maybe /bin/test
 true
 fi

 The quotes aren't passed to it, just like with every other command line tool.

 There are 2 arguments, argument 1 is -n and argument 2 is =, that is all the 
 information that is passed to test, no quotes.

 Regards
 Alina
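The login check from this thread written the three ways discussed in it (several expressions in one test call, one expression per call as Alina recommends, and the x-prefix idiom from Lubos and Aleksandar), run against the do_login='=' input; this is an added demonstration, not code from the thread, and the expected credentials foo/bar are constructed placeholders.

```shell
#!/bin/sh
# Added demonstration (not code from the thread): one login check written
# three ways and run against the thread's input.  Constructed credentials:
# the expected user is "foo", the expected password "bar".
# Each function takes  do_login user password  and returns 0 for "success".

# 1. The pattern discussed in the thread: several expressions in ONE [ ] call.
#    With do_login='=' the argument list starts "-z = -o ..." and test cannot
#    tell whether "=" is an operand or the string-equality operator.  bash
#    gives up ("[: too many arguments", exit status 2), so the if-branch is
#    skipped and the caller is "logged in".  Other shells parse the list
#    differently, which is exactly why the outcome cannot be relied on.
combined_login() {
    if [ -z "$1" -o "$2" != 'foo' -o "$3" != 'bar' ]; then
        return 1
    fi
    return 0
}

# 2. The recommendation from the thread: one expression per test call,
#    joined with the shell's own || so test never sees an ambiguous list.
separate_login() {
    if [ -z "$1" ] || [ "$2" != 'foo' ] || [ "$3" != 'bar' ]; then
        return 1
    fi
    return 0
}

# 3. The x-prefix idiom from the end of the thread: a prefixed operand can
#    never look like an operator, so even -a inside one call is unambiguous
#    (though -a itself is the non-portable part, as noted in the thread).
prefixed_login() {
    if [ "x$1" != x -a "x$2" = xfoo -a "x$3" = xbar ]; then
        return 0
    fi
    return 1
}

# Run all three on the thread's crafted input (do_login='=', wrong password)
# and print one line per variant; stderr is silenced so the shell's own
# "too many arguments" message does not clutter the report.
report() {
    for fn in combined_login separate_login prefixed_login; do
        if "$fn" '=' foo unknown 2>/dev/null; then r=success; else r=failed; fi
        printf '%-15s do_login="=" user=foo password=unknown -> login %s\n' "$fn" "$r"
    done
}

report
```

Run it under bash and under dash or BusyBox ash to see the combined_login line differ between shells while the other two lines stay "failed".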