busybox-1.3.0 features that should be optional, installment 3
Denis Vlasenko
vda.linux at googlemail.com
Tue Dec 19 00:27:35 UTC 2006
On Monday 18 December 2006 07:25, sampo at symlabs.com wrote:
> This patch set list a couple of ifdefs to turn off features I do
> not want. I do not know how receptive you are to adding these
> to the menuconfig system, but ideally they should be there.
> If you want, I'll study the menu config system and figure out how
> to put them there.
>
> 1. I do not want vi and awk to ever allow users to call system(2).
> If INHIBIT_SYSTEM is defined at compile time, then system()
> is not called. If it is not defined, old behaviour
> happens.
>
> 2. Turn some sprintf()s to snprintf()s to silence warnings. Some
> of these cases may represent remote chance of buffer overrun,
> but mostly I think the warnings are unwarranted.
>
> 3. I do not want any password quality check. It amuses me that
> it is called "obscure". Defining NO_OBSCURE_PASSWORD_CHECKER
> gets rid of it.
>
> 4. I do not want su to check /etc/shells. Defining
> DONT_HONOR_ETC_SHELLS gets rid of this feature.
These options should be inplemented as CONFIG_ options,
and they have to be a "positive" ones. I.e. when you
set them to 'Y', they _enable_ something, not _disable_.
Example:
Index: editors/vi.c
===================================================================
--- editors/vi.c (revision 16933)
+++ editors/vi.c (working copy)
@@ -660,7 +660,9 @@
dot = find_line(b); // what line is #b
dot_skip_over_ws();
}
- } else if (strncmp((char *) cmd, "!", 1) == 0) { // run a cmd
+ }
+#if ENABLE_FEATURE_ALLOW_EXEC
+ else if (strncmp((char *) cmd, "!", 1) == 0) { // run a cmd
// :!ls run the <cmd>
(void) alarm(0); // wait for input- no alarms
place_cursor(rows - 1, 0, FALSE); // go to Status line
@@ -670,7 +672,9 @@
rawmode();
Hit_Return(); // let user see results
(void) alarm(3); // done waiting for input
- } else if (strncmp((char *) cmd, "=", i) == 0) { // where is the address
+ }
+#endif
+ else if (strncmp((char *) cmd, "=", i) == 0) { // where is the address
if (b < 0) { // no addr given- use defaults
b = e = count_lines(text, dot);
}
Index: editors/awk.c
===================================================================
--- editors/awk.c (revision 16933)
+++ editors/awk.c (working copy)
@@ -2378,7 +2378,8 @@
case F_sy:
fflush(NULL);
- R.d = (L.s && *L.s) ? (system(L.s) >> 8) : 0;
+ R.d = (ENABLE_FEATURE_ALLOW_EXEC && L.s && *L.s)
+ ? (system(L.s) >> 8) : 0;
break;
case F_ff:
Index: editors/Config.in
===================================================================
--- editors/Config.in (revision 16933)
+++ editors/Config.in (working copy)
@@ -127,5 +127,12 @@
This will make the cursor movement faster, but requires more memory
and it makes the applet a tiny bit larger.
+config FEATURE_ALLOW_EXEC
+ bool "Allow vi and awk to execute shell commands"
+ default y
+ depends on VI || AWK
+ help
+ Enables vi and awk features which allows user to execute
+ shell commands (using system() C call).
+
endmenu
-
--
vda
More information about the busybox
mailing list