You probably kicked yourself out. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Wed Mar 06, 2024 5:01 Post subject:
dale_gribble39 wrote:
No, sleep uses whole numbers.
...
You probably kicked yourself out.
I know sleep needs integers. But that shouldn't have killed the shell session! The Busybox in DD-WRT should have just reported an error and exited gracefully, not exiting the Ash shell.
BTW, I did NOT press the wrong key to "kick...out" myself. It happened just after I entered "sleep 0.5"!
Update:
For the sake of curiosity, Bash did NOT "kick...out" me! I wish this would not become an exploit!
Joined: 05 Oct 2008 Posts: 667 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Wed Mar 06, 2024 9:44 Post subject:
The Netgear XR500 is not a broadcom router, but it exhibits similar behaviour (build 55262). The initial shell is ash (per the banner announcement) and sleep with an invalid argument reports the invalid argument and the session ends right away.
There is apparently no bash, but if you invoke ash in the ssh session, it reports the invalid argument and does not crash.
...
DD-WRT v3.0-r55262 std (c) 2024 NewMedia-NET GmbH
Release: 03/03/24
Board: Netgear XR500
...
==========================================================
The banner says ash, echo $0 reports -sh, but upon the second invocation echo $0 reports ash and so does the error message.
Apparently not all ashes are the same, though.
EDIT: On second thoughts it is likely that in the latter test, where the session didn't end, the sleep command error ended the ash shell invoked from the command line, but as this was not the 'outermost' shell, the ssh session to the router didn't end.
The original bug remains in that the command which produces the error, obviously crashes the shell in addition to printing an error message.
Last edited by ArjenR49 on Wed Mar 06, 2024 12:36; edited 1 time in total
The banner says ash, echo $0 reports -sh, but upon the second invocation echo $0 reports ash and so does the error message.
Apparently not all ashes are the same, though.
I always thought that Busybox's shell was a fully functional Ash shell. Maybe it's wrong. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
ash was first released via a posting to the comp.sources.unix Usenet news group, approved and moderated by Rich Salz on 30 May 1989. It was described as "a reimplementation of the System V shell [with] most features of that shell, plus some additions".[1]
.... more ....
Dash
In 1997 Herbert Xu ported ash from NetBSD to Debian Linux. In September 2002, with release 0.4.1, this port was renamed to Dash (Debian Almquist shell). Xu's main priorities are POSIX conformance and slim implementation.[2]
... more ....
Embedded Linux
Ash (mainly the Dash fork) is also fairly popular in embedded Linux systems. Dash version 0.3.8-5 was incorporated into BusyBox, the catch-all executable often employed in this area, and is used in distributions like DSLinux, Alpine Linux, Tiny Core Linux and Linux-based router firmware such as OpenWrt, Tomato and DD-WRT.
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Log a bug in busybox bug tracking. I used to be on the busybox mailing list and people are constantly finding things that fail in ash and some get fixed. Keep in mind that busybox focuses on small size and efficiency not completeness.
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Thu Mar 07, 2024 11:28 Post subject:
yoyoma2 wrote:
Log a bug in busybox bug tracking. I used to be on the busybox mailing list and people are constantly finding things that fail in ash and some get fixed. Keep in mind that busybox focuses on small size and efficiency not completeness.
I know this. But you don't have to abort the shell because of a "." in an optional parameter. Just exit the program with an error message plus an error code, and return control to the shell.
However, I am not sure whether it's DD-WRT or Busybox responsibility. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Mon Mar 11, 2024 12:55 Post subject:
ArjenR49 wrote:
EDIT: On second thoughts it is likely that in the latter test, where the session didn't end, the sleep command error ended the ash shell invoked from the command line, but as this was not the 'outermost' shell, the ssh session to the router didn't end.
The original bug remains in that the command which produces the error, obviously crashes the shell in addition to printing an error message.
So I tried setting the base shell to Bash in /tmp/etc/passwd, and this was what happened:
~ # echo $0
sh
~ # sleep 0.5
sh: invalid number '0.5'
-bash-5.2# echo $0
-bash
-bash-5.2#
Unrelated:
Setting shell to /opt/bin/bash can break scripts written for Busybox Ash, badly! You need to be careful of commands in /usr/bin vs /opt/bin because of $PATH changes in /opt/etc/profile vs /etc/profile! _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!