When deciding where the previous hash should come from, is is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
use only hashes instead of raw passwords.
However, this is more robust, and more importantly, it is more
consistent with the previous check, which explicitly tests for
the string to be "x".
When running as root, passwd attempts to compare the new password to
the old password, without having grabbed the old passwd.
This checks if the previous password hash was grabbed before comparing
it against the new password hash.
Musl libc realpath implementation calls readlink on a procfs
path it computes via __procfdname (code at [1] & [2]).
This is problematic if ubase mount is used in a PID 1 because procfs
is not mounted and the kernel passes the rootfs mounted read-only, so
the first step is to read-write remount the rootfs, which can't be
done because procfs is not mounted. Thus we are in a dependency cycle:
procfs can't be mounted because the root is read-only and so on.
To break this cycle, don't call readlink on "/" (it doesn't really make
sense anyway) so the rootfs can be remounted read-write, after which
proc itself can be mounted and the rest of mount calls will succeed
so systems running ubase + musl can succesfully boot into userspace.
[1] https://git.musl-libc.org/cgit/musl/tree/src/misc/realpath.c?h=v1.1.19
[2] https://git.musl-libc.org/cgit/musl/tree/src/internal/procfdname.c?h=v1.1.19
Signed-off-by: Ioan-Adrian Ratiu <adi@adirat.com>
By setting the SIGINT handler with sigaction(2), automatic retries of
the splice(2) syscall can be disabled by not setting SA_RESTART. This
makes it possible to use Ctrl+C even if the "if" operand refers to the
controlling terminal. The SIGINT message has also been moved outside
the signal handler since fprintf(3) is not an async-signal-safe
function.
If a mount helper is used, only argopts (given on commandline) are
passed to the helper via -o parameter. Option strings from fstab are
ignored.
This patch replaces global argopts pointer with a character array
fsopts. A maximum length for filesytem options is #defined (used by
fsopts and data), and argument/mntent options are length-checked to fit.
A filesystem with too long an option string will print an error, cause
mount to exit with an error status, and not attempt to mount the
filesystem. This obviates the need for overflow checking of data in
parseopts(), though it hasn't been removed.
To be honest, I had a little misunderstanding of the fallocate(1)-
utility.
It turns out that it only adds preallocated space if the length
exceeds the size of an already existing file.
No truncation happens.
Thus, I fixed the wording accordingly.
1) Simplify the manpage. Just refer to fallocate(2) and stop trying
to list supported file systems. This can change and everbody
with common sense can bring up the relevant manpages of a given
operating system himself.
Use the num-semantics.
2) Use estrtonum() instead of estrtol().
3) Allow multiple arguments.
Reword manpage to be more general (you do not only eject CD-ROM-drives,
but BluRay-drives, floppy drives, LaserDisk-readers, toaster, whatever).
Allow to specify multiple devices in the command line. Doesn't add
LOC (the few more lines added are due to stricter error-checking)
and might become handy for somebody in the future while not
breaking scripts that assume only one argument.
Crying like GNU coreutils when more than one device is given is
not suckless:
$ eject /dev/sr0 /dev/sr1
eject: too many arguments
- helper support (mount.type).
- helpers need to be in $PATH, if needed we can add a check for
/sbin/mount.XXXX
- pass -B, -M, -R to helper, its more reliable to pass these named
options with -o however.
- allow prefix "no" for which type no action should be taken:
mount -a -t nonfs,ext4
fix bugs:
- dont modify me->mnt_opts (used strtok).
