On Wed, Jan 8, 2014 at 10:33 PM, Matthias Andree mand...@freebsd.org wrote:
Please try current git.
Better, but still does not work due to use of alloca.h in
scripts/basic/fixdep.c l. 116 and scripts/basic/docproc.c l. 42.
I removed the include, please try current git again.
BTW I forgot to
On Wed, Jan 8, 2014 at 5:50 PM, Cristian Ionescu-Idbohrn
cristian.ionescu-idbo...@axis.com wrote:
The code suggests this patch:
From e68af87e1e38911bb3dd653ad36701f81dbbdc3f Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com
Date: Wed, 8 Jan 2014
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached proof-of-concept patch.
i'm aware that it doesn't use xbind() and other busybox replacement
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached proof-of-concept patch.
i'm aware that it doesn't use xbind() and
On 9 Jan 2014 at 12:43, Waldemar Brodkorb wrote:
Date sent: Thu, 9 Jan 2014 12:43:09 +0100
From: Waldemar Brodkorb w...@openadk.org
To: Michael D. Setzer II mi...@kuentos.guam.net
Copies to: busybox@busybox.net
Subject:
On Thursday 09 January 2014 13:35:59 John Spencer wrote:
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
Vasily, author of the kernel patch.
see attached
Hi Michael !
You can add following to your startup script:
echo 0 > /proc/sys/kernel/printk
This changes the loglevel of the console, but doesn't guarantee
all messages are suppressed.
Better you assign your console to a different device (kernel
parameter console= or command logconsole), or
On Thu, 9 Jan 2014, Cristian Ionescu-Idbohrn wrote:
Yes. I did miss something after all :(
Nevertheless, are the POSIX options LHP intended to be default (as
usage suggests) or DESKTOP dependent?
Answer to self (after staring at the code a little longer):
* yes, the 'HLP' options are
On Thursday 09 January 2014 15:07:23 Laurent Bercot wrote:
making ping suid in the context of busybox basically means make the
entire busybox binary suid and that is definitely a bad idea (an
example that comes to mind is the wall vulnerability discovered
recently).
Hi,
Busybox drops
On Fri, Jan 3, 2014 at 3:48 PM, Natanael Copa natanael.c...@gmail.com wrote:
Seems like busybox 'find -type f' broke with 1.22.0:
ncdev-edge-musl-x86:~/aports/main$ find -type f
invalid option -- t
BusyBox v1.22.0 (2014-01-02 15:56:19 GMT) multi-call binary.
Usage: find [-HL] [PATH]...
On Thu, Jan 9, 2014 at 1:35 PM, John Spencer
maillist-busy...@barfooze.de wrote:
This seems to lead to a significantly larger code.
Making ping suid wasn't such a big problem before, so
why should we have all these complications now?
making ping suid in the context of busybox basically
On Thu, Jan 9, 2014 at 3:07 PM, Laurent Bercot ska-dietl...@skarnet.org wrote:
I never understood all the fuss about that or the chosen
Busybox solution. Gaining privileges is the single most dangerous
thing in Unix
An attacker who only manages to subvert your user account,
of course, can't
On Thu, Jan 9, 2014 at 2:51 PM, Cristian Ionescu-Idbohrn
cristian.ionescu-idbo...@axis.com wrote:
On Thu, 9 Jan 2014, Cristian Ionescu-Idbohrn wrote:
Yes. I did miss something after all :(
Nevertheless, are the POSIX options LHP intended to be default (as
usage suggests) or DESKTOP
On Sat, Jan 4, 2014 at 10:10 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i use the following to build busybox in debug mode
if [ ! -z $DEBUGBUILD ] ; then
debugcflags="-O0 -g"
sed -i 's/# CONFIG_DEBUG is not set/CONFIG_DEBUG=y/' .config
sed -i 's/#
Denys Vlasenko wrote:
On Thu, Jan 9, 2014 at 1:35 PM, John Spencer
maillist-busy...@barfooze.de wrote:
This seems to lead to a significantly larger code.
Making ping suid wasn't such a big problem before, so
why should we have all these complications now?
making ping suid in the context of
Applied with some corrections, thanks!
On Thu, Jan 2, 2014 at 11:13 PM, Ryan Mallon rmal...@gmail.com wrote:
Fix a use of buf after it has been freed at the end of the
do_rd() function. If the connection is being terminated, then there is
no need to do the fcntl(), so just return immediately.
An attacker who only manages to subvert your user account,
of course, can't get at the precious things like /usr/bin/* files
and modify or delete them.
He can only read your locally saved emails,
browser's cache and saved passwords
of your bank website login.
Oh, wait...
Eh, I didn't
* make a single busybox binary with all the applets I need. My
busybox binary is NEVER setuid.
* compile a separate small C program that tests whether
`basename $0` is in a list of accepted words, and if it is the
case, execs into /bin/busybox `basename $0` $@. Make that separate
binary
Signed-off-by: Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com
---
coreutils/Config.src | 3 ++-
coreutils/tail.c | 8
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/coreutils/Config.src b/coreutils/Config.src
index 0c44c4b..04bc250 100644
---
On Thu, Jan 9, 2014 at 7:15 PM, Laurent Bercot ska-dietl...@skarnet.org wrote:
An attacker who only manages to subvert your user account,
of course, can't get at the precious things like /usr/bin/* files
and modify or delete them.
He can only read your locally saved emails,
browser's cache
They were order of magnitude more problematic
when multi-user machines were the norm.
True enough, but it is still the case, for a good definition of user.
Most machines today only have one human user, but there are a lot
of uids and gids used to run daemons with separate privileges. It is
A separate suid-exec relay utility is in fact exactly what
we use on our BB installation in our product, and have
for years. BB itself is not suid, I/we didn't trust it
enough. Here it is:
/*
** Relay execution program to setuid-root selected busybox functions.
** (We are expected to be
Cathey, == Cathey, Jim jcat...@ciena.com writes:
This is on a read-only root filesystem that is built the way we want it.
(Squashfs, I believe.) There aren't any, and can't be, any links to names
we don't wish to give suid permission to.
And no writable storage anywhere (E.G. a tmpfs for
This is on a read-only root filesystem that is built the way we want it.
(Squashfs, I believe.) There aren't any, and can't be, any links to names
we don't wish to give suid permission to.
-- Jim
-Original Message-
Where's the check for what applets are allowed? What stops you from
Doesn't really do you much good since BB is still doing
its own name checks.
No, it's not perfect. Making this kind of relay program a real part
of BB, as a user-selectable option probably, would be best.
-- Jim
-Original Message-
From: Peter Korsgaard [mailto:jac...@gmail.com] On
Oh, and it helps to know that users on this particular system
do not get access to shells. Or rather, the account shell _is_ our
custom application. Bash (or ash) is there, but not exposed.
It's used by admin scripts, booting, etc.
-- Jim
-Original Message-
From:
Am 09.01.2014 11:11, schrieb Denys Vlasenko:
On Wed, Jan 8, 2014 at 10:33 PM, Matthias Andree mand...@freebsd.org wrote:
Please try current git.
Better, but still does not work due to use of alloca.h in
scripts/basic/fixdep.c l. 116 and scripts/basic/docproc.c l. 42.
I removed the include,
On Thu, Jan 09, 2014 at 02:04:12PM +0100, Tito wrote:
On Thursday 09 January 2014 13:35:59 John Spencer wrote:
Denys Vlasenko wrote:
On Mon, Jan 6, 2014 at 5:03 PM, John Spencer
maillist-busy...@barfooze.de wrote:
i've been able to get the SOCK_DGRAM stuff to work with a little help of
On Thu, Jan 09, 2014 at 08:03:49PM +0100, Denys Vlasenko wrote:
If you are afraid that ping may have a bug, spend time auditing ping,
not making it more ugly just because you can make such bug
impact only lowly user.
The concern is not that ping may have a bug. The concern is that the
presence
You're performing too much work copying your argument list. :P
The wrapper should be entirely transparent: busybox shouldn't
even notice it has been run through it, so it should be called
with the exact same argv. Here's what I do.
Notes:
* untested, please check carefully. The actual code
From: Alison Chaiken alison_chai...@mentor.com
This significantly streamlined version is based on suggestions by Souf
Oued. The output is the same as before:
root@mx6q:~# lsi2c
Controller 0 for driver sgtl5000 at address 0x000a.
Controller 1 for driver ov5642 at address 0x003c.
Controller 2 for
On Thursday 09 January 2014 21:09, Laurent Bercot wrote:
It is not logical anymore to see root exploits as orders of magnitude
more dangerous than user-level ones, and spend much more efforts
to prevent specifically these exploits to be used.
If you are afraid that ping may have a bug,
32 matches