You missed my patch for netcat
Rob Landley
rob at landley.net
Tue Oct 18 21:32:50 UTC 2005
My mail server is currently in pieces, so who knows when you'll get this,
but...
On Tuesday 18 October 2005 07:33, Mihai Buha wrote:
> Then Paul Fox (pgf) came on July 20th and committed all of them to
> busybox trunk:
> Issue #262: Committed revision 10882.
> Issue #263: Committed revision 10883.
> Issue #265: Committed revision 10884.
>
> Then Rob Landley considered them all and said:
> http://busybox.net/lists/busybox/2005-August/015397.html
> "Probably:
> ...
> 10882 tar fix
> 10884, 10920 tail fixes
> ...
> Probably not:
> 10883 nc -e"
>
> And everyone silently agreed! :)
Well I'm the one who put together the 1.0.1 release, and will be putting
together 1.0.2 as soon as Firmware Linux stops distracting me. :)
Let's see, svn diff -r 10882:10883 is
networking/nc.c:
-#ifdef CONFIG_NC_GAPING_SECURITY_HOLE
- if (pr00gie) {
- /* won't need stdin */
- close(STDIN_FILENO);
- }
-#endif /* CONFIG_NC_GAPING_SECURITY_HOLE */
I'm under the impression that CONFIG_GAPING_SECURITY_HOLE isn't supported in
1.0 at all. (I know the CONFIG entry isn't there in menuconfig.) Thus it's
not a 1.0 issue, it's a new feature to go in the 1.1 release (and I'll
probably declare a 1.1-pre1 by fiat shortly after 1.0.2 ships, if I can get
Erik to go along with it...)
Let's look at the code...
Ew.
Okay, there's a #define GAPING_SECURITY_HOLE in 1.0 that always forces it on.
That kind of sucks. How about if I remove that line? (Anybody who wants
this can #define it back on.)
> Today I downloaded busybox 1.01 and saw the crippling bug of netcat was
> not fixed.
Did you ever say what the symptom was? I don't remember seeing a reproduction
case. Lemme see, bug 263...
Yeah, you're using -e, and the bug is basically -e doesn't work in 1.0.1. Not
quite sure I'd call it crippling.
Could I get a judgement call here? Is nc -e a supported feature in 1.0? (I
suppose if we're exposing it in nc --help, we'd better make it work...)
I'll add this to my pending to-do list for 1.0.2. (Which currently has 275
patches in it I need to sort through for thumbs-up/thumbs-down. This makes
#276...)
> So I decided to subscribe to this mailing list so that 10883 would still
> appear
> in busybox 1.02 :)
Alright, it's queued. Poke me if I haven't gotten at least -rc1 of 1.0.2 out
this weekend.
Rob
More information about the busybox
mailing list