Set sysctl fs.suid_dumpable = 2
This allows suid processes to dump core according to kernel.core_pattern
setting. LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)
Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core. This setting removes an
obscure stumbling block along the way.
>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt
suid_dumpable:
This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are
0 - (default) - traditional behaviour. Any process which has changed
privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
owned by the current user and no security is applied. This is
intended for system debugging situations only. Ptrace is unchecked.
This is insecure as it allows regular users to examine the memory
contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
anyway, but only if the "core_pattern" kernel sysctl is set to
either a pipe handler or a fully qualified path. (For more details
on this limitation, see CVE-2006-2451.) This mode is appropriate
when administrators are attempting to debug problems in a normal
environment, and either have a core dump pipe handler that knows
to treat privileged core dumps with care, or specific directory
defined for catching core dumps. If a core dump happens without
a pipe handler or fully qualifid path, a message will be emitted
to syslog warning about the lack of a correct setting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.
A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When processes don't die on SIGKILL (usually because of kernel bugs), it's
better to give up instead of looping forever.
upgraded will trigger a reboot in this case (and if this fails, a hardware
watchdog will eventually time out and reset the system, if present).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.
Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.
The list of binaries is also slightly cleaned up and duplicates are
removed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids. Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other
While at it, fix the scan command checking existence of uid/gid
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuation than setting the factor to 1.
Use offset = 0 and factor = 1 in case nothing else is specified.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* Change network_get_subnet6() to sensibly guess a suitable prefix
Attempt to return the first non-linklocal, non-ula range, then attempt
to return the first non-linklocal range and finally fall back to the
previous behaviour of simply returning the first found item.
* Fix network_get_ipaddrs_all()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
to build a single list of all interface addresses.
* Fix network_get_subnets6()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
field to figure out the proper network address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Fixes FS#829.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.
As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.
Config copying is moved to a function called by platform_copy_config, where
it belongs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"
The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.
Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Some functions only used by stage2 are moved there from common.sh.
One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.
A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reverts commit e96a9a9af8.
The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.
This commit was apparently neither properly tested, nor reviewed, so
drop it for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bug introduced with 6713694.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
uci_set_leds_ataport() allows to set a led to show activity
on a specific (s)ata port, which is needed for devices that have
a Sata led for each sata port.
The led trigger is from the 834-ledtrig-libata.patch LEDE kernel patch.
uci_set_leds_usbhost() allows to set a led to show total usb activity.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
create a function with code common to all led functions,
create another function with code common to functions setting
a simple led trigger, restore alphabetical order in function names.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 2036ae4 (base-files: support hostname and ntp servers through board.d)
was supposed to implement these procedures but lacked the required changes
to uci-defaults.sh.
Add the missing procedures now to fix config generation on targets relying
on hostname or NTP server presetting.
Fixes FS#754.
Reported-by: Cristian Morales Vega <cristian@samknows.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This was also working before, with a slightly
different semantic.
[ Original semantic ]
If no reload hooks was implemented, the default one would
kick in, it would return fail, and restart would happen.
This would happen also in the case where a reload hook
would be implemented, it would fail, and it would restart
the service.
[ New semantic ]
The default reload hook calls restart.
Services can implement their own reload.
If reload fails, then the '/etc/init.d/<service> reload'
would return a non-zero code, and the caller can choose
a way to handle this.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Overwrite an already set proto if a new one is passed to
_ucidef_set_interface() similar to what is done for the interface.
It is required when using ""ucidef_set_interface_wan 'ptm0' 'pppoe'"
after some initial wan interface configuration is already done by
ucidef_add_switch.
The "json_is_a protocol string" guard is meant to not reset an earlier
set interface proto in case something like
"ucidef_set_interface_lan 'eth0'" is used afterwards.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.
This commit changes command usage to reflect that change.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
Instead of only using tagged CPU port configurations when more than one VLAN
is present on the switch, always emit tagged configurations unless a board
explicitely opts out of this behaviour by using the previously introduced
[0-9]u@netdev syntax.
Emitting default tagged configurations has the following benefits:
- Relation of switch vlans to netdevs is easier to understand, especially
for multi-cpu-port switches
- Adding additional VLANs (e.g. to break out a LAN port for other purposes)
becomes easier as users are not forced to change the existing untagged
VLAN to tagged and the existing ifname notation from ethX to ethX.Y
anymore, drastly reducing the likelyhood of soft-bricks.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.
Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").
Signed-off-by: Mathias Kresin <dev@kresin.me>
The name will appear in shell prompt and LuCI page title. Uppercase
letters seem to be more vigorous
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.
Add -s to suppress an error message when no control files exist.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Knowing the package architecture at runtime can be useful, e.g. to
configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in
VERSION_SED) as added to openwrt_release (as DISTRIB_ARCH) and os-release
(as LEDE_ARCH).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).
Remove this feature to simplify the build system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
currently (after blogic's edit to my commit) it prints like this:
root@lede:/# service aa
aa does not exist. the following services are available :adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.
with this commit it looks like this:
root@lede:/# service
service "" not found, the following services are available:
adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>