authorChen Qi <Qi.Chen@windriver.com>2013-06-17 11:20:06 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-06-25 17:44:52 +0100
commit72d5bbe59e4156426bc739582b95c16dceba2818 (patch)
tree4de6df9e5782d0d1fd306b613a6a5d530d85020a
parent3d230db5c46c9f535a7fa478e1fe07be76f69f56 (diff)
busybox: enable to list suid and non-suid app configs
This patch, written by Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>, adds the ability to busybox to list configuration items of suid apps and non-suid apps separately. `make busybox.cfg.suid' generates a file containing config items of the suid apps. 'make busybox.cfg.nosuid' generates a file containing config items of the non-suid apps. This patch helps to separate busybox into two binaries, the suid one and the non-suid one. [YOCTO #4207] (From OE-Core rev: 832d1b5575c76f61623f2e0337554287d056422b) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch179
-rw-r--r--meta/recipes-core/busybox/busybox_1.20.2.bb3
2 files changed, 181 insertions, 1 deletions
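--- /dev/null
+++ b/meta/recipes-core/busybox/busybox-1.20.2/busybox-list-suid-and-non-suid-app-configs.patch
@@ -0,0 +1,179 @@
+Make busybox have the ability to list configuration items regarding suid
+apps and non-suid apps separately.
+
+From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
+Date: Mon, 17 Jun 2013 11:06:05 +0800
+Subject: [PATCH] busybox: list suid and non-suid app configs
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ Makefile.custom | 4 ++++
+ applets/busybox.mksuid | 53 ++++++++++++++++++++++++++++++++++++++++++++
+ include/applets.src.h | 9 +++++++-
+ scripts/kconfig/confdata.c | 24 ++++++++++++++++----
+ 4 files changed, 85 insertions(+), 5 deletions(-)
+ create mode 100644 applets/busybox.mksuid
+
+diff --git a/Makefile.custom b/Makefile.custom
+index 6da79e6..a276d6f 100644
+--- a/Makefile.custom
++++ b/Makefile.custom
+@@ -4,6 +4,10 @@
+
+ busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
+ $(Q)-$(SHELL) $^ >$@
++busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
++ $(Q)-SUID="yes" $(SHELL) $^ > $@
++busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
++ $(Q)-SUID="DROP" $(SHELL) $^ > $@
+
+ .PHONY: install
+ ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
+diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
+new file mode 100644
+index 0000000..e11a7a1
+--- /dev/null
++++ b/applets/busybox.mksuid
+@@ -0,0 +1,53 @@
++#!/bin/sh
++# Make list of configuration variables regarding suid handling
++
++# input $1: full path to autoconf.h
++# input $2: full path to applets.h
++# input $3: full path to .config
++# output (stdout): list of CONFIG_ that do or may require suid
++
++# If the environment variable SUID is not set or set to DROP,
++# lists all config options that do not require suid permissions.
++# Otherwise, lists all config options for applets that DO or MAY require
++# suid permissions.
++
++# Maintainer: Bernhard Reutner-Fischer
++
++export LC_ALL=POSIX
++export LC_CTYPE=POSIX
++
++CONFIG_H=${1:-include/autoconf.h}
++APPLETS_H=${2:-include/applets.h}
++DOT_CONFIG=${3:-.config}
++
++case ${SUID:-DROP} in
++ [dD][rR][oO][pP]) USE="DROP" ;;
++ *) USE="suid" ;;
++esac
++
++$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
++ awk -v USE=${USE} '
++ /^SUID[ \t]/{
++ if (USE == "DROP") {
++ if ($2 != "BB_SUID_DROP") next
++ } else {
++ if ($2 == "BB_SUID_DROP") next
++ }
++ cfg = $NF
++ gsub("\"", "", cfg)
++ cfg = substr(cfg, 8)
++ s[i++] = "CONFIG_" cfg
++ s[i++] = "CONFIG_FEATURE_" cfg "_.*"
++ }
++ END{
++ while (getline < ARGV[2]) {
++ for (j in s) {
++ if ($0 ~ "^" s[j] "=y$") {
++ sub(/=.*/, "")
++ print
++ if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
++ }
++ }
++ }
++ }
++' - $DOT_CONFIG
+diff --git a/include/applets.src.h b/include/applets.src.h
+index 02b995b..8386c84 100644
+--- a/include/applets.src.h
++++ b/include/applets.src.h
+@@ -52,6 +52,12 @@ s - suid type:
+ # define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
+ # define APPLET_NOFORK(name,main,l,s,name2) LINK l name
+
++#elif defined(MAKE_SUID)
++# define APPLET(name,l,s) SUID s l name
++# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
++# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name
++# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name
++
+ #else
+ static struct bb_applet applets[] = { /* name, main, location, need_suid */
+ # define APPLET(name,l,s) { #name, #name, l, s },
+@@ -414,7 +420,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
+ IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
+ IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
+
+-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
++#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
++ && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
+ };
+ #endif
+
+diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
+index bd2d70e..303df0b 100644
+--- a/scripts/kconfig/confdata.c
++++ b/scripts/kconfig/confdata.c
+@@ -474,7 +474,11 @@ int conf_write(const char *name)
+ fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
+ /* bbox */
+ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#ifdef MAKE_SUID\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
++ fprintf(out_h, "#else\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#endif\n");
+ fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+ }
+ break;
+@@ -506,7 +510,11 @@ int conf_write(const char *name)
+ fputs("\"\n", out_h);
+ /* bbox */
+ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#ifdef MAKE_SUID\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
++ fprintf(out_h, "#else\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#endif\n");
+ fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+ }
+ break;
+@@ -518,7 +526,11 @@ int conf_write(const char *name)
+ fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
+ /* bbox */
+ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#ifdef MAKE_SUID\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
++ fprintf(out_h, "#else\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#endif\n");
+ fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+ }
+ break;
+@@ -532,7 +544,11 @@ int conf_write(const char *name)
+ fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
+ /* bbox */
+ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
+- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#ifdef MAKE_SUID\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
++ fprintf(out_h, "#else\n");
++ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
++ fprintf(out_h, "#endif\n");
+ fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
+ }
+ break;
+--
+1.7.9.5
+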
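Review bot: In the embedded `applets/busybox.mksuid`, the END loop `while (getline < ARGV[2])` treats getline's -1 error return as true, so a missing or unreadable `.config` can loop forever instead of failing; it should read `while ((getline < ARGV[2]) > 0)`. The two new `Makefile.custom` rules prefix their recipes with `-`, and the script pipes `$HOSTCC -E` straight into awk, so a preprocessor failure or an unset `HOSTCC` is ignored and still leaves a `busybox.cfg.suid` or `busybox.cfg.nosuid` file behind, possibly empty. Since the commit message says these lists are meant to drive the split into a suid and a non-suid binary, an empty or partial list should be a hard build error rather than a silent result. The expansions `$CONFIG_H`, `$APPLETS_H`, `$DOT_CONFIG` and `${USE}` are also unquoted and would break on paths containing spaces.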
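--- a/meta/recipes-core/busybox/busybox_1.20.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
@@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
  file://busybox-sulogin-empty-root-password.patch \
  file://inetd.conf \
  file://inetd \
- file://login-utilities.cfg"
+ file://login-utilities.cfg \
+ file://busybox-list-suid-and-non-suid-app-configs.patch"
 
 SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
 SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"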