Gregory Fong | 29 Sep 20:58 2014

[PATCH] mdev: fix sysfs traversal with CONFIG_SYSFS_DEPRECATED_V2=y

From: Simon Edlund <simon <at>>

When mdev -s traverses the /sys directory looking for "dev" files, it
starts with the block devices under /sys/block, and will find the "dev"
file through the symlink, and create a block device node.  In the next
stage it will scan the /sys/class looking for char devices, and will
find mtdX/dev again, but this time the mknod will fail because there is
already a device node with that name.

[gregory: added commit message to patch from BZ #6806]
Signed-off-by: Gregory Fong <gregory.0xf0 <at>>
 util-linux/mdev.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util-linux/mdev.c b/util-linux/mdev.c
index b2d5657..b65ed58 100644
--- a/util-linux/mdev.c
+++ b/util-linux/mdev.c
 <at>  <at>  -1049,6 +1049,9  <at>  <at>  int mdev_main(int argc UNUSED_PARAM, char **argv)


+		recursive_action("/sys/class",
+			fileAction, dirAction, temp, 0);
 		/* ACTION_FOLLOWLINKS is needed since in newer kernels
 		 * /sys/block/loop* (for example) are symlinks to dirs,
 		 * not real directories.
 <at>  <at>  -1065,9 +1068,6  <at>  <at>  int mdev_main(int argc UNUSED_PARAM, char **argv)
(Continue reading)

Chen Qi | 29 Sep 10:02 2014

[PATCH] syslogd: unlink _PATH_LOG when exiting if not in systemd

If the /dev/log is created by syslogd daemon, then we need to unlink
it when the daemon exists.

If /dev/log is created by systemd, then systemd is responsible for
it, hence there's no need to unlink it in syslogd.

Signed-off-by: Chen Qi <Qi.Chen <at>>
 sysklogd/syslogd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sysklogd/syslogd.c b/sysklogd/syslogd.c
index 266657f..fb35cc7 100644
--- a/sysklogd/syslogd.c
+++ b/sysklogd/syslogd.c
 <at>  <at>  -998,6 +998,8  <at>  <at>  static void do_syslogd(void)
 	if (option_mask32 & OPT_kmsg)
+	if (!(sd_listen_fds() == 1))
+		unlink(_PATH_LOG);
 #undef recvbuf

Dmitry Falko | 29 Sep 11:31 2014

cp and mv with -p preserve xattrs

Hello to all!

On the work required to copy files with extended attributes, busybox 
cp(and mv), unfortunately, unlike the older brother did not know how to 
copy extended attributes, so I wrote a patch copying extended attributes 
(if the call command with the option -p), maybe it will be useful.

Perhaps the quality of the patch is not entirely satisfactory, so 
waiting for the critics.

 From 5782979527f9498b7d39f4a63dbf05483fe66c5d Mon Sep 17 00:00:00 2001
From: Dmitry Falko <dfalko <at>>
Date: Mon, 29 Sep 2014 11:38:15 +0400
Subject: [PATCH] add feature copy xattrs of file if set flag preserve status
  to mv, cp

  include/libbb.h        |    5 +-
  libbb/Config.src       |    6 +++
  libbb/Kbuild.src       |    1 +
  libbb/copy_file.c      |    7 +++
  libbb/copy_file_attr.c |  118 
  5 files changed, 136 insertions(+), 1 deletion(-)
  create mode 100644 libbb/copy_file_attr.c

diff --git a/include/libbb.h b/include/libbb.h
index e520060..4a16542 100644
--- a/include/libbb.h
+++ b/include/libbb.h
(Continue reading)

Nikos Mavrogiannopoulos | 27 Sep 12:37 2014

increase watchdog's priority

 I've noticed that in several cases when my router was busy, watchdog
forced a reboot on the system. That patch increases the priority of the
watchdog compared to other processes.

busybox mailing list
busybox <at>
Sean Mathews | 26 Sep 21:22 2014

In regard to CVE-2014-7169 CVE-2014-6271

In regard to CVE-2014-7169 CVE-2014-6271 looking at busybox-1.22.1/networking/udhcp/dhcpc.c line 403 fill_envp() it seems as if it would be trivial to mess with bootfile and inject a packet that has garbage in the bootfile and exploit this vulnerability.  Something as trivial as removing some characters would likely be sufficient to protect from an exploit.

In any case at any point in the code where the outside is allowed to inject directly into the shell environment data needs to be sanitized the same as one would sanitize a form post on a website application.

here are other files that have the same issue
 networking/httpd.c <- Yep seems easy to exploit.
 networking/ntpd.c <- seems ok but needs more digging. Mostly sanitized by numerics.
 networking/tcpudp.c <- potential via dns poisoning injecting an invalid hostname containing a payload.
 mailutils/reformime.c <- uses data from mail header and places into env.
I see others but they look less likely.

 A wrapper fix for all set/putenv seems reasonable if it can be crafted to identify the use of (). I don't see how we can sanitize to a specific character set such as 3.278 for all environment vars and not cause problems with some use cases. Looking for just () has issues in that other vectors may be discovered down the road so maybe pushing this to fixes in bash is the best solution.

 I would like to see generalized sanitization at every point where put/setenv is used to conform at minimum to the expected data that would be placed in the environment. Unfortunately for things like httpd.c most browsers do not conform to RFC2616 and quote special characters like ( in headers. So it would be trivial to inject a forged user agent header with the exploit in it.

Does anyone here want to chime in on this issue and potential fixes?

Best Regards
 Sean Mathews
 CTO / Director of R&D <at>

busybox mailing list
busybox <at>
Wandeson Ricardo | 25 Sep 23:38 2014

MAIL-LIST: Busybox + Minix Linux static + fbida


I would want to know exist to program to view image in framebuffer that can compile static.?
I compile fbida and get errors. I changes in Makefile but the error return.
(How enviromment variable CDFLAGS and LDFLAGS to build)

Other point the I think interesting is can VLC in TTY (framebuffer) work well in my debian, not the same in mplayer ( used command mplayer -vo fbmode /dev/fb0 [input_file].

Other question was DirectFB and SDL libs but your dependencies it's hard to compilation static.

Thanks you.
busybox mailing list
busybox <at>
Luca Ellero | 24 Sep 14:15 2014

Loading modules with cold plugged devices

I'm trying to load kernel modules at boot time (if needed) but I don't 
manage to get it right.
My configuration is the following:
Pandaboard with U-Boot 2014.07, Linux kernel 3.16 and BusyBox 1.22.1

I have an init script /etc/init.d/rcS like this:

mount -t proc none /proc
mount -t sysfs none /sys
echo /sbin/mdev > /proc/sys/kernel/hotplug
/sbin/mdev -s

and a configuration file /etc/mdev.conf containing only the following line:

$MODALIAS=.*    0:0 660  <at> modprobe "$MODALIAS"

Modules are correctly loaded if I plug in a device while the system is 
up and running.
For example if I plug-in an USB keyboard the correct module (usbhid) is 
But if the keyboard is "cold plugged" (when the system is off) and then 
I power up the Pandaboard, the module isn't loaded.
Even executing "mdev -s" when the system is up doesn't load the module.
Doesn't "mdev -s" scan /sys entries and load modules (as mdev.conf 
points), or am I missing something?

Any help is appreciated.


Luca Ellero
Aaro Koskinen | 23 Sep 21:12 2014

[PATCH] install: support -t option

Some packages want to install themselves using "-t" to specify
the directory (as supported by GNU coreutils). Add support for the option
for compatibility reasons.

Tested by building & installing "perf" from Linux kernel tree
(its install uses -t), plus some other packages which don't use it
to check there's no breakage.

Signed-off-by: Aaro Koskinen <aaro.koskinen <at>>
 coreutils/install.c | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/coreutils/install.c b/coreutils/install.c
index 6c88ae1..14d6a4e 100644
--- a/coreutils/install.c
+++ b/coreutils/install.c
 <at>  <at>  -19,6 +19,7  <at>  <at> 
 //usage:     "\n	-o USER	Set ownership"
 //usage:     "\n	-g GRP	Set group ownership"
 //usage:     "\n	-m MODE	Set permissions"
+//usage:     "\n	-t DEST	Set DEST directory"
 //usage:	IF_SELINUX(
 //usage:     "\n	-Z	Set security context"
 //usage:	)
 <at>  <at>  -37,6 +38,7  <at>  <at>  static const char install_longopts[] ALIGN1 =
 	"group\0"               Required_argument "g"
 	"mode\0"                Required_argument "m"
 	"owner\0"               Required_argument "o"
+	"target-directory\0"	Required_argument "t"
 /* autofs build insists of using -b --suffix=.orig */
 /* TODO? (short option for --suffix is -S) */
 <at>  <at>  -113,9 +115,10  <at>  <at>  int install_main(int argc, char **argv)
 		OPT_GROUP         = 1 << 7,
 		OPT_MODE          = 1 << 8,
 		OPT_OWNER         = 1 << 9,
+		OPT_TARGET        = 1 << 10,

 <at>  <at>  -125,8 +128,9  <at>  <at>  int install_main(int argc, char **argv)
 	opt_complementary = "s--d:d--s" IF_FEATURE_INSTALL_LONG_OPTIONS(IF_SELINUX(":Z--\xff:\xff--Z"));
 	/* -c exists for backwards compatibility, it's needed */
 	/* -b is ignored ("make a backup of each existing destination file") */
-	opts = getopt32(argv, "cvb" "Ddpsg:m:o:" IF_SELINUX("Z:"),
-			&gid_str, &mode_str, &uid_str IF_SELINUX(, &scontext));
+	opts = getopt32(argv, "cvb" "Ddpsg:m:o:t:" IF_SELINUX("Z:"),
+			&gid_str, &mode_str, &uid_str, &last
+			IF_SELINUX(, &scontext));
 	argc -= optind;
 	argv += optind;

 <at>  <at>  -160,13 +164,23  <at>  <at>  int install_main(int argc, char **argv)
 	uid = (opts & OPT_OWNER) ? get_ug_id(uid_str, xuname2uid) : getuid();
 	gid = (opts & OPT_GROUP) ? get_ug_id(gid_str, xgroup2gid) : getgid();

-	last = argv[argc - 1];
-	if (!(opts & OPT_DIRECTORY)) {
-		argv[argc - 1] = NULL;
-		min_args++;
-		/* coreutils install resolves link in this case, don't use lstat */
-		isdir = stat(last, &statbuf) < 0 ? 0 : S_ISDIR(statbuf.st_mode);
+	if (opts & OPT_TARGET) {
+		if (opts & OPT_DIRECTORY)
+			bb_error_msg_and_die("-t not allowed with -d");
+		isdir = 1;
+	} else {
+		last = argv[argc - 1];
+		if (!(opts & OPT_DIRECTORY)) {
+			argv[argc - 1] = NULL;
+			min_args++;
+			/*
+			 * coreutils install resolves link in this case, don't
+			 * use lstat
+			 */
+			isdir = stat(last, &statbuf) < 0 ? 0 :
+				S_ISDIR(statbuf.st_mode);
+		}

 	if (argc < min_args)

Michael D. Setzer II | 22 Sep 07:58 2014

Question on busybox and loading firmware?

Was trying to get wireless firmware for IPW2200BG to load, but getting errors 
on boot that it doesn't find firmware? Seems this is coming up during the 
loading of the kernel and before it loads the file system where the firmware is 
located in the /lib/firmware directory. I thought mdev -s might do something, 
but didn't appear to. I did find some messages that talked about a patch to 
busybox regarding firmware, but they were from 2005. 

Never dealt with firmware except when a user had some bnx2x devices that 
needed newer drivers than the kernels included, so I added the whole list 
from the linux-firmware git, and that resolved that users request. Now had a 
user ask about adding wireless support, but the ipw2200 firmware isn't in the 
linux-git since intel seems to restrict it, but as enduser, I can test it.  Have 
asked them, but they pointed me to a web page that points to a page that 
doesn't exist? 

Thanks for any help.

  Michael D. Setzer II -  Computer Science Instructor      
  Guam Community College  Computer Center                  
  mailto:mikes <at>                            
  mailto:msetzerii <at>
  Guam - Where America's Day Begins                        
  G4L Disk Imaging Project maintainer
+----------------------------------------------------------+ (Original)
Number of Seti Units Returned:  19,471
Processing time:  32 years, 290 days, 12 hours, 58 minutes
(Total Hours: 287,489)

ROSETTA     19916728.765824   |   SETI        33798185.993905
ABC         16613838.513356   |   EINSTEIN    33623582.458899
tito | 20 Sep 16:45 2014

[PATCH] addgroup could assign already in use group

while looking at the long username stuff and malloced getpwxx functions
I've noticed a bug in addgroup resulting in assignement of a wrong
(already in use) gid. In the function xgroup_study:

static void xgroup_study(struct group *g)


	/* Check if the desired gid is free
	 * or find the first free one */
	while (1) {
		if (!getgrgid(g->gr_gid)) {

			return; /* found free group: return */


The call to getgrgid can return NULL also in case of error:

       0 or ENOENT or ESRCH or EBADF or EPERM or ...
              The given name or gid was not found.

       EINTR  A signal was caught.

       EIO    I/O error.

       EMFILE The maximum number (OPEN_MAX) of files was open already in the calling process.

       ENFILE The maximum number of files was open already in the system.

       ENOMEM Insufficient memory to allocate group structure.

       ERANGE Insufficient buffer space supplied.

a simple fix would be:

	while (1) {
-		if (!getgrgid(g->gr_gid)) {
+		if (!getgrgid(g->gr_gid) && errno == 0) {

which is tested and works with glibc but this is not optimal because as man page says:

"Experiments on various UNIX-like  systems shows that lots of different values occur in this situation:" 
(entry is not found)
"0, ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others."

A better solution would be to use getgrgid_r but this increases binary size:

 diff -uNp loginutils/addgroup.c.original loginutils/addgroup.c
--- loginutils/addgroup.c.original      2014-08-13 13:56:04.000000000 +0200
+++ loginutils/addgroup.c       2014-09-20 16:32:44.193586505 +0200
 <at>  <at>  -32,7 +32,10  <at>  <at> 
 static void xgroup_study(struct group *g)
        unsigned max = CONFIG_LAST_ID;
+       struct group  *gr;
+       struct group  grp;
+       char buffer[256];
        /* Make sure gr_name is unused */
        if (getgrnam(g->gr_name)) {
                bb_error_msg_and_die("%s '%s' in use", "group", g->gr_name);
 <at>  <at>  -53,8 +56,9  <at>  <at>  static void xgroup_study(struct group *g
        /* Check if the desired gid is free
         * or find the first free one */
        while (1) {
-               if (!getgrgid(g->gr_gid)) {
-                       return; /* found free group: return */
+               if (getgrgid_r(g->gr_gid, &grp, buffer, 256, &gr) == 0) {
+                       if (gr == NULL)
+                               return; /* found free group: return */
                if (option_mask32 & OPT_GID) {
                        /* -g N, cannot pick gid other than N: error */

Attached is a patch with this solution if you think it is worth the effort and size
increase to fix this corner case.

Attachment (addgroup2.patch): text/x-patch, 1021 bytes
busybox mailing list
busybox <at>
Aaro Koskinen | 20 Sep 13:30 2014

Busybox less sometimes ignores newlines in input?


Sometimes when running "git log", busybox less won't display a newline
between commits. This happens when git is slow and less needs to wait
for new input to appear.

A simple reproducer:

(perl -e 'print "\nfoo\n";'; sleep 1; perl -e 'print "\nbar\n";') | less