You missed my patch for netcat

Rob Landley rob at landley.net
Tue Oct 18 21:32:50 UTC 2005 

My mail server is currently in pieces, so who knows when you'll get this, 
but...

On Tuesday 18 October 2005 07:33, Mihai Buha wrote:

> Then Paul Fox (pgf) came on July 20th and committed all of them to
> busybox trunk:
> Issue #262: Committed revision 10882.
> Issue #263: Committed revision 10883.
> Issue #265: Committed revision 10884.
>
> Then Rob Landley considered them all and said:
> http://busybox.net/lists/busybox/2005-August/015397.html
> "Probably:
> ...
> 10882 tar fix
> 10884, 10920 tail fixes
> ...
> Probably not:
> 10883 nc -e"
>
> And everyone silently agreed! :)

Well I'm the one who put together the 1.0.1 release, and will be putting 
together 1.0.2 as soon as Firmware Linux stops distracting me. :)

Let's see, svn diff -r 10882:10883 is

networking/nc.c:
-#ifdef CONFIG_NC_GAPING_SECURITY_HOLE
-       if (pr00gie) {
-               /* won't need stdin */
-               close(STDIN_FILENO);
-       }
-#endif /* CONFIG_NC_GAPING_SECURITY_HOLE */

I'm under the impression that CONFIG_GAPING_SECURITY_HOLE isn't supported in 
1.0 at all.  (I know the CONFIG entry isn't there in menuconfig.)  Thus it's 
not a 1.0 issue, it's a new feature to go in the 1.1 release (and I'll 
probably declare a 1.1-pre1 by fiat shortly after 1.0.2 ships, if I can get 
Erik to go along with it...)

Let's look at the code...

Ew.

Okay, there's a #define GAPING_SECURITY_HOLE in 1.0 that always forces it on.  
That kind of sucks.  How about if I remove that line?  (Anybody who wants 
this can #define it back on.)

> Today I downloaded busybox 1.01 and saw the crippling bug of netcat was
> not fixed.

Did you ever say what the symptom was?  I don't remember seeing a reproduction 
case.  Lemme see, bug 263...

Yeah, you're using -e, and the bug is basically -e doesn't work in 1.0.1.  Not 
quite sure I'd call it crippling.

Could I get a judgement call here?  Is nc -e a supported feature in 1.0?  (I 
suppose if we're exposing it in nc --help, we'd better make it work...)

I'll add this to my pending to-do list for 1.0.2.  (Which currently has 275 
patches in it I need to sort through for thumbs-up/thumbs-down.  This makes 
#276...)

> So I decided to subscribe to this mailing list so that 10883 would still
> appear
> in busybox 1.02 :)

Alright, it's queued.  Poke me if I haven't gotten at least -rc1 of 1.0.2 out 
this weekend.

Rob

More information about the busybox mailing list