busybox: enable to list suid and non-suid app configs

This patch, written by Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>, adds the ability to busybox to list configuration items of suid apps and non-suid apps separately. `make busybox.cfg.suid' generates a file containing config items of the suid apps. 'make busybox.cfg.nosuid' generates a file containing config items of the non-suid apps. This patch helps to separate busybox into two binaries, the suid one and the non-suid one. [YOCTO #4207] (From OE-Core rev: 832d1b5575c76f61623f2e0337554287d056422b) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2013-06-17 11:20:06 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-06-25 17:44:52 +0100
commit: 72d5bbe59e4156426bc739582b95c16dceba2818 (patch)
tree: 4de6df9e5782d0d1fd306b613a6a5d530d85020a
parent: 3d230db5c46c9f535a7fa478e1fe07be76f69f56 (diff)
download: poky-72d5bbe59e4156426bc739582b95c16dceba2818.tar.gz
2 files changed, 181 insertions, 1 deletions
diff --git a/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch b/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch
new file mode 100644
index 0000000000..753a044481
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch
@@ -0,0 +1,179 @@
+Make busybox have the ability to list configuration items regarding suid
+apps and non-suid apps separately.
+From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
+Date: Mon, 17 Jun 2013 11:06:05 +0800
+Subject: [PATCH] busybox: list suid and non-suid app configs
+Upstream-Status: Pending
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ Makefile.custom            |    4 ++++
+ applets/busybox.mksuid     |   53 ++++++++++++++++++++++++++++++++++++++++++++
+ include/applets.src.h      |    9 +++++++-
+ scripts/kconfig/confdata.c |   24 ++++++++++++++++----
+ 4 files changed, 85 insertions(+), 5 deletions(-)
+ create mode 100644 applets/busybox.mksuid
+diff --git a/Makefile.custom b/Makefile.custom
+index 6da79e6..a276d6f 100644
+--- a/Makefile.custom
+++ b/Makefile.custom
+@@ -4,6 +4,10 @@
+ 
+ busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
+        $(Q)-$(SHELL) $^ >$@
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+       $(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+       $(Q)-SUID="DROP" $(SHELL) $^ > $@
+ 
+ .PHONY: install
+ ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
+diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
+new file mode 100644
+index 0000000..e11a7a1
+--- /dev/null
+++ b/applets/busybox.mksuid
+@@ -0,0 +1,53 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+    [dD][rR][oO][pP]) USE="DROP" ;;
+    *) USE="suid" ;;
+esac
+
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+  awk -v USE=${USE} '
+    /^SUID[ \t]/{
+      if (USE == "DROP") {
+        if ($2 != "BB_SUID_DROP") next
+      } else {
+        if ($2 == "BB_SUID_DROP") next
+      }
+      cfg = $NF
+      gsub("\"", "", cfg)
+      cfg = substr(cfg, 8)
+      s[i++] = "CONFIG_" cfg
+      s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+    }
+    END{
+      while (getline < ARGV[2]) {
+        for (j in s) {
+          if ($0 ~ "^" s[j] "=y$") {
+            sub(/=.*/, "")
+            print
+            if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+          }
+        }
+      }
+    }
+' - $DOT_CONFIG
+diff --git a/include/applets.src.h b/include/applets.src.h
+index 02b995b..8386c84 100644
+--- a/include/applets.src.h
+++ b/include/applets.src.h
+@@ -52,6 +52,12 @@ s     - suid type:
+ # define APPLET_NOEXEC(name,main,l,s,name2)  LINK l name
+ # define APPLET_NOFORK(name,main,l,s,name2)  LINK l name
+ 
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s)                    SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2)  SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2)  SUID s l name
+
+ #else
+   static struct bb_applet applets[] = { /*    name, main, location, need_suid */
+ # define APPLET(name,l,s)                    { #name, #name, l, s },
+@@ -414,7 +420,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
+ IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
+ IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
+ 
+-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+    && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
+ };
+ #endif
+ 
+diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
+index bd2d70e..303df0b 100644
+--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
+@@ -474,7 +474,11 @@ int conf_write(const char *name)
+                                                fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
+                                                /* bbox */
+                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+-                                               fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                               fprintf(out_h, "#else\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#endif\n");
+                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+                                        }
+                                        break;
+@@ -506,7 +510,11 @@ int conf_write(const char *name)
+                                        fputs("\"\n", out_h);
+                                        /* bbox */
+                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+-                                       fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                       fprintf(out_h, "#else\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#endif\n");
+                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+                                }
+                                break;
+@@ -518,7 +526,11 @@ int conf_write(const char *name)
+                                                fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
+                                                /* bbox */
+                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+-                                               fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                               fprintf(out_h, "#else\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#endif\n");
+                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+                                        }
+                                        break;
+@@ -532,7 +544,11 @@ int conf_write(const char *name)
+                                        fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
+                                        /* bbox */
+                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+-                                       fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                       fprintf(out_h, "#else\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#endif\n");
+                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+                                }
+                                break;
+-- 
+1.7.9.5
diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb
index 3ff8a88958..a2e762d451 100644
--- a/meta/recipes-core/busybox/busybox_1.20.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
@@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
           file://busybox-sulogin-empty-root-password.patch \
           file://inetd.conf \
           file://inetd \
-           file://login-utilities.cfg"
+           file://login-utilities.cfg \
+           file://busybox-list-suid-and-non-suid-app-configs.patch"
 SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
 SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"
author	Chen Qi <Qi.Chen@windriver.com>	2013-06-17 11:20:06 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-06-25 17:44:52 +0100
commit	72d5bbe59e4156426bc739582b95c16dceba2818 (patch)
tree	4de6df9e5782d0d1fd306b613a6a5d530d85020a
parent	3d230db5c46c9f535a7fa478e1fe07be76f69f56 (diff)
download	poky-72d5bbe59e4156426bc739582b95c16dceba2818.tar.gz

diff --git a/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch b/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch new file mode 100644 index 0000000000..753a044481 --- /dev/null +++ b/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch
@@ -0,0 +1,179 @@
		1	Make busybox have the ability to list configuration items regarding suid
		2	apps and non-suid apps separately.
		3
		4	From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
		5	Date: Mon, 17 Jun 2013 11:06:05 +0800
		6	Subject: [PATCH] busybox: list suid and non-suid app configs
		7
		8	Upstream-Status: Pending
		9
		10	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		11
		12	---
		13	Makefile.custom \| 4 ++++
		14	applets/busybox.mksuid \| 53 ++++++++++++++++++++++++++++++++++++++++++++
		15	include/applets.src.h \| 9 +++++++-
		16	scripts/kconfig/confdata.c \| 24 ++++++++++++++++----
		17	4 files changed, 85 insertions(+), 5 deletions(-)
		18	create mode 100644 applets/busybox.mksuid
		19
		20	diff --git a/Makefile.custom b/Makefile.custom
		21	index 6da79e6..a276d6f 100644
		22	--- a/Makefile.custom
		23	+++ b/Makefile.custom
		24	@@ -4,6 +4,10 @@
		25
		26	busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
		27	$(Q)-$(SHELL) $^ >$@
		28	+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
		29	+ $(Q)-SUID="yes" $(SHELL) $^ > $@
		30	+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
		31	+ $(Q)-SUID="DROP" $(SHELL) $^ > $@
		32
		33	.PHONY: install
		34	ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
		35	diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
		36	new file mode 100644
		37	index 0000000..e11a7a1
		38	--- /dev/null
		39	+++ b/applets/busybox.mksuid
		40	@@ -0,0 +1,53 @@
		41	+#!/bin/sh
		42	+# Make list of configuration variables regarding suid handling
		43	+
		44	+# input $1: full path to autoconf.h
		45	+# input $2: full path to applets.h
		46	+# input $3: full path to .config
		47	+# output (stdout): list of CONFIG_ that do or may require suid
		48	+
		49	+# If the environment variable SUID is not set or set to DROP,
		50	+# lists all config options that do not require suid permissions.
		51	+# Otherwise, lists all config options for applets that DO or MAY require
		52	+# suid permissions.
		53	+
		54	+# Maintainer: Bernhard Reutner-Fischer
		55	+
		56	+export LC_ALL=POSIX
		57	+export LC_CTYPE=POSIX
		58	+
		59	+CONFIG_H=${1:-include/autoconf.h}
		60	+APPLETS_H=${2:-include/applets.h}
		61	+DOT_CONFIG=${3:-.config}
		62	+
		63	+case ${SUID:-DROP} in
		64	+ [dD][rR][oO][pP]) USE="DROP" ;;
		65	+ *) USE="suid" ;;
		66	+esac
		67	+
		68	+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H \|
		69	+ awk -v USE=${USE} '
		70	+ /^SUID[ \t]/{
		71	+ if (USE == "DROP") {
		72	+ if ($2 != "BB_SUID_DROP") next
		73	+ } else {
		74	+ if ($2 == "BB_SUID_DROP") next
		75	+ }
		76	+ cfg = $NF
		77	+ gsub("\"", "", cfg)
		78	+ cfg = substr(cfg, 8)
		79	+ s[i++] = "CONFIG_" cfg
		80	+ s[i++] = "CONFIG_FEATURE_" cfg "_.*"
		81	+ }
		82	+ END{
		83	+ while (getline < ARGV[2]) {
		84	+ for (j in s) {
		85	+ if ($0 ~ "^" s[j] "=y$") {
		86	+ sub(/=.*/, "")
		87	+ print
		88	+ if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
		89	+ }
		90	+ }
		91	+ }
		92	+ }
		93	+' - $DOT_CONFIG
		94	diff --git a/include/applets.src.h b/include/applets.src.h
		95	index 02b995b..8386c84 100644
		96	--- a/include/applets.src.h
		97	+++ b/include/applets.src.h
		98	@@ -52,6 +52,12 @@ s - suid type:
		99	# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
		100	# define APPLET_NOFORK(name,main,l,s,name2) LINK l name
		101
		102	+#elif defined(MAKE_SUID)
		103	+# define APPLET(name,l,s) SUID s l name
		104	+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
		105	+# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name
		106	+# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name
		107	+
		108	#else
		109	static struct bb_applet applets[] = { /* name, main, location, need_suid */
		110	# define APPLET(name,l,s) { #name, #name, l, s },
		111	@@ -414,7 +420,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
		112	IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
		113	IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
		114
		115	-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
		116	+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
		117	+ && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
		118	};
		119	#endif
		120
		121	diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
		122	index bd2d70e..303df0b 100644
		123	--- a/scripts/kconfig/confdata.c
		124	+++ b/scripts/kconfig/confdata.c
		125	@@ -474,7 +474,11 @@ int conf_write(const char *name)
		126	fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
		127	/* bbox */
		128	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
		129	- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
		130	+ fprintf(out_h, "#ifdef MAKE_SUID\n");
		131	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		132	+ fprintf(out_h, "#else\n");
		133	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		134	+ fprintf(out_h, "#endif\n");
		135	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
		136	}
		137	break;
		138	@@ -506,7 +510,11 @@ int conf_write(const char *name)
		139	fputs("\"\n", out_h);
		140	/* bbox */
		141	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
		142	- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
		143	+ fprintf(out_h, "#ifdef MAKE_SUID\n");
		144	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		145	+ fprintf(out_h, "#else\n");
		146	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		147	+ fprintf(out_h, "#endif\n");
		148	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
		149	}
		150	break;
		151	@@ -518,7 +526,11 @@ int conf_write(const char *name)
		152	fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
		153	/* bbox */
		154	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
		155	- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
		156	+ fprintf(out_h, "#ifdef MAKE_SUID\n");
		157	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		158	+ fprintf(out_h, "#else\n");
		159	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		160	+ fprintf(out_h, "#endif\n");
		161	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
		162	}
		163	break;
		164	@@ -532,7 +544,11 @@ int conf_write(const char *name)
		165	fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
		166	/* bbox */
		167	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
		168	- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
		169	+ fprintf(out_h, "#ifdef MAKE_SUID\n");
		170	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		171	+ fprintf(out_h, "#else\n");
		172	+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		173	+ fprintf(out_h, "#endif\n");
		174	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
		175	}
		176	break;
		177	--
		178	1.7.9.5
		179


diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb index 3ff8a88958..a2e762d451 100644 --- a/meta/recipes-core/busybox/busybox_1.20.2.bb +++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
@@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
36	file://busybox-sulogin-empty-root-password.patch \	36	file://busybox-sulogin-empty-root-password.patch \
37	file://inetd.conf \	37	file://inetd.conf \
38	file://inetd \	38	file://inetd \
39	file://login-utilities.cfg"	39	file://login-utilities.cfg \
		40	file://busybox-list-suid-and-non-suid-app-configs.patch"
40		41
41	SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"	42	SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
42	SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"	43	SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"