Opened 14 years ago
Closed 14 years ago
#435 closed defect (fixed)
tar buffer overflow
Reported by: | chucky | Owned by: | Bruno Cornec |
---|---|---|---|
Priority: | normal | Milestone: | 2.2.9.6 |
Component: | mindi-busybox | Version: | 2.2.9.4 |
Severity: | critical | Keywords: | tar overflow |
Cc: |
Description
When booting from DVD on OpenSuse 11.3, after "Installing additional tools..." tar crashes with:
*** buffer overflow detected ***: tar terminated
Probably busybox's tar has some bugs on newer versions of gcc (-U_FORTIFY_SOURCE=2 ?).
It can be solved by adding system's /bin/tar to /etc/mindi/deplist.txt.
Change History (6)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
Status: | new → assigned |
---|
From mailing list reports, it seems that a more recent busybox can fix this issue.
comment:3 by , 14 years ago
Could you check that the new mindi-busybox made from version 1.18.3 is fixing the issue ?
i'm in process of deliveing the packages for the various distributions, you should have it soon.
comment:4 by , 14 years ago
Milestone: | 2.2.9.5 → 2.2.9.6 |
---|
comment:5 by , 14 years ago
I can confirm that on OpenSuse 11.4 this version don't have tar issue (2.0.7.6 + 1.18.3 + 2.2.9.5). Nevertheless there are two new issues:
- /sbin/blkid was added to busybox, and that cause udev to be using that command. Blkid threads are crashing (and udev writes annoying messages to newt restore screen). Also, whole system is significantly slowed down. I added
rm /sbin/blkid
andkillall -9 blkid
to init script and it works well now. - reboot command is missing
comment:6 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Actually, adding /bin/tar to deps can't solve this. This error message is printed by this statement in install-additional-tools:77
When this fails, no files from all.tar.gz are copied to /, so restore is terminated. I fixed my own mondo fork by this
Awk is relinked because in 11.3 awk is symlink to /etc/alternatives/awk, and from this symlink is linked to /bin/gawk.