Set sysctl fs.suid_dumpable = 2
This allows suid processes to dump core according to kernel.core_pattern
setting. LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)
Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core. This setting removes an
obscure stumbling block along the way.
>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt
suid_dumpable:
This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are
0 - (default) - traditional behaviour. Any process which has changed
privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
owned by the current user and no security is applied. This is
intended for system debugging situations only. Ptrace is unchecked.
This is insecure as it allows regular users to examine the memory
contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
anyway, but only if the "core_pattern" kernel sysctl is set to
either a pipe handler or a fully qualified path. (For more details
on this limitation, see CVE-2006-2451.) This mode is appropriate
when administrators are attempting to debug problems in a normal
environment, and either have a core dump pipe handler that knows
to treat privileged core dumps with care, or specific directory
defined for catching core dumps. If a core dump happens without
a pipe handler or fully qualifid path, a message will be emitted
to syslog warning about the lack of a correct setting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids. Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other
While at it, fix the scan command checking existence of uid/gid
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Fixes FS#829.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Properly stop/start services on upgrade, but don't change the enabled
state.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1
Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE). Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Increase the default system log buffer size
from 16 kB (built-in default in ubox logd)
to 64 kB by setting the option in /etc/config/system.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
If the user sets any preinit options in .config, the wrong path may get
applied due to wrong default value in image-config.in and due to Makefile
writing also the unchanged options into 00_preinit.conf
Modify the default path in image-config.in to match the current default
path set by r47080. Also modify the fall-back default in Makefile.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 47590
This changes makes it possible to store custom settings
in individual files inside the directory /etc/sysctl.d/.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 46239
create user:group before running postinst-pkg. the postinst hook might require
the user:group to already exist.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 43472
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
When looking for the first ipaddr also consider the current prefix just
like network_get_ipaddrs6 does. If ipv6-address was empty the function
did not return the first ipaddr even if the list was non-empty.
fixes commit 83e9122f88a002871d5cdf421cf6aa6052b7e006
Signed-off-by: Henning Schild <henning@hennsch.de>
SVN-Revision: 42139
Make sure they don't break the sed command, and also make device_info
and openwrt_release more robust for parsing by scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41885
Creates /etc/device_info which will be used to fill in information for
WPS and other protocols that need manufacturer/device information
This helps with creating OpenWrt firmware for OEM or rebranded devices.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41884
Switches /lib/functions/network.sh from jshn based json parsing to
jsonfilter expression while keeping the existing api.
Expensive methods like "network_find_wan" are up to 20x faster now.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41281
Before this patch, doing `/e/c/network restart' will emit the folloing
error by `ubus network.wireless down "{}"' because netifd already quit
by that time.
Command failed: not found
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 40906
It was introduced in commit 2f966e8, "base-files: add a post start hook
for procd managed services".
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 40576
In commit r38690, the MAC address canonicalization
has been converted to use 'tr' instead of 'printf'.
This only works if with MAC addresses which uses
the 'xx:xx:xx:xx:xx:xx' format.
However on some boards, the MAC addresses are stored
in different format in the mtd partition. Some vendors
are using hyphens or dots as separators instead of
colons. Also the leading zeroes may be missing from the
individual octets or those are replaced with spaces.
Add a new function which can be used to convert these
into the 'xx:xx:xx:xx:xx:xx' format. Also update the
'mtd_get_mac_ascii' function to use the new helper.
The helper function is based on this code:
http://isquared.nl/blog/2010/08/11/Bash-function-to-canonicalize-MAC-addresses/
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 38803
The mtd_get_mac_ascii utility function was broken. This fixes it.
- Remove the superfluous include of /lib/functions.sh. The
function is already in that file so it is pointless,
- only use a variable if the whole key word matches,
- don't try to process the MAC address if it is empty,
- use 'tr' to canonicalize the MAC address,
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[juhosg: add more fixes, update commit message]
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 38690
With eglibc, "ldd busybox" give us
libcrypt.so.1 => /lib/libcrypt.so.1 (0x774be000)
libm.so.6 => /lib/libm.so.6 (0x773e4000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x773c0000)
libc.so.6 => /lib/libc.so.6 (0x77276000)
/lib/ld.so.1 (0x774fe000)
Thus /lib/ld.so.1 is not printed by the libs fonction and isn't copied to the 'new' root before pivot root
libs() { ldd $* | awk '{print $3}'; }
https://dev.openwrt.org/browser/trunk/package/base-files/files/lib/upgrade/common.sh
With uclibc the last line of "ldd busybox" is
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77ada000)
Don't know for musl!
This patch replace https://dev.openwrt.org/changeset/19167, as glibc is gone
The other way around is to rework libs()
Please apply the fix (mine or another) on trunk and AA
Might fix https://dev.openwrt.org/ticket/12273
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 36107
Currently, most platforms define such helpers in their own diag.sh
implementation with almost identical code. By factoring out the
common ground it's possible to simplify maintainability and
homogenize the haptics over multiple platforms (so far as is
reasonably practicable, in a next step).
[juhosg:
- fix led_set_attr parameters in led_timer
- add led_morse and status_led_set_morse helpers
- add status_led_blink_{preinit,failsafe} helpers]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 35648
- support reading inactive gateways and DNS information in
network_get_gateway(), network_get_dnsserver() and network_get_dnssearch()
by passing "true" as optional last argument
- internally cache fetched values to speed up subsequent accesses to the same
data, introduce network_flush_cache() to clear them
- add some inline function documentation
SVN-Revision: 34722
Write "delay" and "message" options to their respective files,
allowing Morse code message configuration through UCI.
The delay (dit length) defaults to 150ms (about 8 words per minute,
suitable for beginners).
Signed-off-by: Petr Viktorin <encukou@gmail.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34380
Busybox built against musl-libc will choke on these otherwise, besides that
it is more natural to use the filesystem type, then options, then name, then
mountpoint.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 34308
Without this, /etc/init.d/led will try to set the non-existing 'rssi' trigger.
This doesn't harm as the kernel will refuse this setting, but it outputs some
ugly log-lines:
Jun 24 10:15:19 OpenWrt user.info sysinit: setting up led RSSILOW
Jun 24 10:15:19 OpenWrt user.info sysinit: sh: write error: Invalid argument
...
In order to avoid this, skip LEDs with trigger = "rssi" in /etc/init.d/led
Signed-off-by: Daniel Golle <dgolle@allnet.de>
SVN-Revision: 33717
When standalone ldd is selected in config the binary is installed in /usr/bin/ldd.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 32891
The available placeholders are:
%D .. Replace with $(CONFIG_VERSION_DIST), default to "OpenWrt"
%d .. Like %D, but all characters made lowercase and spaces substituted with "_" (e.g. "openwrt")
%N .. Replace with $(CONFIG_VERSION_NICK), default to the build tree release (e.g. "Attitude Adjustment")
%n .. Like %N, but all characters made lowercase and spaces substituted with "_" (e.g. "attitude_adjustment")
%V .. Replace with $(CONFIG_VERSION_NUMBER), default to the build tree release (e.g. "r31262")
%v .. Like %V, but all characters made lowercase and spaces substituted with "_"
%C .. Replace with $(CONFIG_VERSION_NUMBER), default to "Bleeding Edge"
%c .. Like %C, but all characters made lowercase and spaces substituted with "_" (e.g. "bleeding_edge")
%U .. Replace with $(CONFIG_VERSION_REPO), default to "http://downloads.openwrt.org/snapshots/trunk/%T/packages"
%R .. Replace with the current build tree revision (e.g. "r31262" or "75488c4a05b8033cf69e91874a61852db7ba9c6c")
%T .. Replace with the current target (e.g. "ar71xx")
%S .. Replace with the current target/subtarget combo (e.g. "adm5120/router_le")
SVN-Revision: 31262
* add service_check function for checking if a process is alive
* add service_signal for sending arbitrary signals to a process
* change service_stop to send a TERM signal first, wait for the process to die and send a KILL signal if it doen't
* have service_kill print a warning on STDERR stating it has been deprecated
SVN-Revision: 28865
Adds symlinks for printf and wc to make life happier in the sysupgrade ramdisk.
Also make code more readable by escaping that overly long line.
Signed-off-by: Daniel Golle <dgolle@allnet.de>
SVN-Revision: 28616
The changeset modifies the "ifup" command to search for related wireless
devices and call "wifi up" on them if applicable. This way the commands for
wireless and non-wireless interfaces are unified from a cli point of view.
The "ifup -a" case has not been changed to keep the logic of the
/etc/init.d/network boot sequence. This might be changed later.
Solves #9763.
SVN-Revision: 27720