Bug in busybox base applet?
Denis Vlasenko
vda at ilport.com.ua
Thu Sep 1 09:10:46 UTC 2005
On Thursday 01 September 2005 11:47, Vladimir N. Oleynik wrote:
> > Imagine you accidentally have symlink:
> > ls -> busybox_compiled_without_ls_applet
> > and you decided to look at a dir named 'rm'
> > and at your root dir, reversing the sort order:
> >
> > ls rm -r /
> >
> > I bet you wouldn't like the result.
>
> But in fact it is a standard problem.
> From for it it is extremely undesirable to start programs from the
> current directory. Non busybox specific.
?! where did I run a program from current dir? there is "ls", not "./ls".
My example may happen as follows:
/bin/ls -> /bin/busybox
User replaces /bin/busybox with new busybox binary which does not
have ls applet compiled in. Nothing visibly breaks at first.
Sometime later user types "ls rm -r /" (or the same command gets constructed and
executed by a script) and all files are deleted because busybox executes rm applet
on / recursively.
> But prohibition of use of other version of the busbox will complicate updating.
I like Dirk Clemens <develop at cle-mens.de> idea of restricting "busybox applet [args]"
to "busybox_with_any_suffix" only.
--
vda
More information about the busybox
mailing list