diff options
author | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2013-06-10 17:08:22 +0200 |
---|---|---|
committer | Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | 2013-07-26 13:39:46 +0200 |
commit | 9078633feeb129d679c97d900807ef2d5b253b65 (patch) | |
tree | 153f82ae904f01bcba2edd6197b7f5995a013a05 | |
parent | 7801148a816a2ab1c2f9437c8992c86722361147 (diff) | |
download | busybox-9078633feeb129d679c97d900807ef2d5b253b65.tar.gz |
buildsys: Add helper to list suid applets
Add a helper script that lists all applets that
- do or may require SUID provileges (busybox.cfg.suid)
- do not require SUID provileges (busybox.cfg.nosuid)
Some setups prefer to build two busybox binaries, one that is suid which
contains all applets that do or may require suid privileges, and a
second one for all the rest (which drops suid). To ease splitting these
two binaries, generate a list of CONFIG_ items for the suid binary.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
-rw-r--r-- | Makefile.custom | 7 | ||||
-rwxr-xr-x | applets/busybox.mksuid | 54 | ||||
-rw-r--r-- | include/applets.src.h | 9 | ||||
-rw-r--r-- | scripts/kconfig/confdata.c | 24 |
4 files changed, 88 insertions, 6 deletions
diff --git a/Makefile.custom b/Makefile.custom index 6da79e6e4..3561e5768 100644 --- a/Makefile.custom +++ b/Makefile.custom @@ -3,7 +3,12 @@ # ========================================================================== busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h - $(Q)-$(SHELL) $^ >$@ + $(Q)-$(SHELL) $^ > $@ + +busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h + $(Q)-SUID="yes" $(SHELL) $^ > $@ +busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h + $(Q)-SUID="DROP" $(SHELL) $^ > $@ .PHONY: install ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y) diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid new file mode 100755 index 000000000..6492c079a --- /dev/null +++ b/applets/busybox.mksuid @@ -0,0 +1,54 @@ +#!/bin/sh +# Make list of configuration variables regarding suid handling + +# input $1: full path to autoconf.h +# input $2: full path to applets.h +# input $3: full path to .config +# output (stdout): list of CONFIG_ that do or may require suid + +# If the environment variable SUID is not set or set to DROP, +# lists all config options that do not require suid permissions. +# Otherwise, lists all config options for applets that DO or MAY require +# suid permissions. + +# Maintainer: Bernhard Reutner-Fischer + +export LC_ALL=POSIX +export LC_CTYPE=POSIX + +CONFIG_H=${1:-include/autoconf.h} +APPLETS_H=${2:-include/applets.h} +DOT_CONFIG=${3:-.config} + +case ${SUID:-DROP} in +[dD][rR][oO][pP]) USE="DROP" ;; +*) USE="suid" ;; +esac + +$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H | + awk -v USE=${USE} ' + /^SUID[ \t]/{ + if (USE == "DROP") { + if ($2 != "BB_SUID_DROP") next + } else { + if ($2 == "BB_SUID_DROP") next + } + cfg = $NF + gsub("\"", "", cfg) + cfg = substr(cfg, 8) + s[i++] = "CONFIG_" cfg + s[i++] = "CONFIG_FEATURE_" cfg "_.*" + } + END{ + while (getline < ARGV[2]) { + for (j in s) { + if ($0 ~ "^" s[j] "=y$") { + sub(/=.*/, "") + print + if (s[j] !~ /\*$/) delete s[j] # can drop this applet now + } + } + } + } +' - $DOT_CONFIG + diff --git a/include/applets.src.h b/include/applets.src.h index 00172b1bc..aa319bbc9 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -52,6 +52,12 @@ s - suid type: # define APPLET_NOEXEC(name,main,l,s,name2) LINK l name # define APPLET_NOFORK(name,main,l,s,name2) LINK l name +#elif defined(MAKE_SUID) +# define APPLET(name,l,s) SUID s l name +# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name +# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name +# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name + #else static struct bb_applet applets[] = { /* name, main, location, need_suid */ # define APPLET(name,l,s) { #name, #name, l, s }, @@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes)) IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat)) IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP)) -#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) +#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \ + && !defined(MAKE_LINKS) && !defined(MAKE_SUID) }; #endif diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c index bd2d70e19..303df0be7 100644 --- a/scripts/kconfig/confdata.c +++ b/scripts/kconfig/confdata.c @@ -474,7 +474,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s 1\n", sym->name); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -506,7 +510,11 @@ int conf_write(const char *name) fputs("\"\n", out_h); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -518,7 +526,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -532,7 +544,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; |