busybox-1.3.0 features that should be optional, installment 3

Denis Vlasenko vda.linux at googlemail.com
Tue Dec 19 00:27:35 UTC 2006


On Monday 18 December 2006 07:25, sampo at symlabs.com wrote:
> This patch set lists a couple of ifdefs to turn off features I do
> not want. I do not know how receptive you are to adding these
> to the menuconfig system, but ideally they should be there.
> If you want, I'll study the menu config system and figure out how
> to put them there. 
> 
> 1. I do not want vi and awk to ever allow users to call system(2).
>   If INHIBIT_SYSTEM is defined at compile time, then system()
>   is not called. If it is not defined, old behaviour
>   happens. 
> 
> 2. Turn some sprintf()s to snprintf()s to silence warnings. Some
>   of these cases may represent a remote chance of buffer overrun,
>   but mostly I think the warnings are unwarranted. 
> 
> 3. I do not want any password quality check. It amuses me that
>   it is called "obscure". Defining NO_OBSCURE_PASSWORD_CHECKER
>   gets rid of it. 
> 
> 4. I do not want su to check /etc/shells. Defining
>   DONT_HONOR_ETC_SHELLS gets rid of this feature. 

These options should be implemented as CONFIG_ options,
and they have to be "positive" ones. I.e. when you
set them to 'Y', they _enable_ something, not _disable_.

Example:

Index: editors/vi.c
===================================================================
--- editors/vi.c	(revision 16933)
+++ editors/vi.c	(working copy)
@@ -660,7 +660,9 @@
 			dot = find_line(b);	// what line is #b
 			dot_skip_over_ws();
 		}
-	} else if (strncmp((char *) cmd, "!", 1) == 0) {	// run a cmd
+	}
+#if ENABLE_FEATURE_ALLOW_EXEC
+	else if (strncmp((char *) cmd, "!", 1) == 0) {	// run a cmd
 		// :!ls   run the <cmd>
 		(void) alarm(0);		// wait for input- no alarms
 		place_cursor(rows - 1, 0, FALSE);	// go to Status line
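Review bot: with ENABLE_FEATURE_ALLOW_EXEC off, the `!` branch under the new `#if` disappears and `:!cmd` falls through to the later `else if` tests in this chain. Please confirm that the chain's final fallback tells the user the command is not available, rather than silently doing nothing or matching a later branch.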
@@ -670,7 +672,9 @@
 		rawmode();
 		Hit_Return();			// let user see results
 		(void) alarm(3);		// done waiting for input
-	} else if (strncmp((char *) cmd, "=", i) == 0) {	// where is the address
+	}
+#endif
+	else if (strncmp((char *) cmd, "=", i) == 0) {	// where is the address
 		if (b < 0) {	// no addr given- use defaults
 			b = e = count_lines(text, dot);
 		}
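Review bot: the `#endif` added before the `=` branch closes an `#if` that sits about ten lines up, in the previous hunk, and the chain now switches from `} else if` to a split `}` / `else if` form at both ends of the guard. Please tag it as `#endif /* ENABLE_FEATURE_ALLOW_EXEC */`, so the reason for the split layout is obvious to the next person editing this chain.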
Index: editors/awk.c
===================================================================
--- editors/awk.c	(revision 16933)
+++ editors/awk.c	(working copy)
@@ -2378,7 +2378,8 @@
 
 			  case F_sy:
 				fflush(NULL);
-				R.d = (L.s && *L.s) ? (system(L.s) >> 8) : 0;
+				R.d = (ENABLE_FEATURE_ALLOW_EXEC && L.s && *L.s)
+						? (system(L.s) >> 8) : 0;
 				break;
 
 			  case F_ff:
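Review bot: in the `F_sy` case, a disabled build makes `system()` evaluate to 0, which a script cannot tell apart from a command that ran and succeeded. Consider returning a non-zero value (or emitting an error) when ENABLE_FEATURE_ALLOW_EXEC is 0. This is also the only awk.c hunk in the patch, so awk's pipe forms (`cmd | getline`, `print | cmd`), which also run shell commands, are left unguarded. Either cover them with the same option or narrow the Config.in help text to say only `system()` is affected.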
Index: editors/Config.in
===================================================================
--- editors/Config.in	(revision 16933)
+++ editors/Config.in	(working copy)
@@ -127,5 +127,12 @@
 	  This will make the cursor movement faster, but requires more memory
 	  and it makes the applet a tiny bit larger.
 
+config FEATURE_ALLOW_EXEC
+	bool "Allow vi and awk to execute shell commands"
+	default y
+	depends on VI || AWK
+	help
+	  Enables vi and awk features which allows user to execute
+	  shell commands (using system() C call).
+
 endmenu
-
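Review bot: the help text for `config FEATURE_ALLOW_EXEC` should say what happens when the option is set to N (vi loses `:!cmd`, awk's `system()` returns 0 without running anything), since that is the case a hardened build cares about. Also fix the wording: "features which allow the user to execute". The symbol name reads as global, but `depends on VI || AWK` and its place in editors/Config.in make it editor-only, so a name that reflects that scope would avoid implying other applets are covered.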



--
vda


