authorBernhard Reutner-Fischer <rep.dot.nop@gmail.com>2013-06-10 15:08:22 (GMT)
committer Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>2013-07-26 11:39:46 (GMT)
commit9078633feeb129d679c97d900807ef2d5b253b65 (patch)
tree153f82ae904f01bcba2edd6197b7f5995a013a05
parent7801148a816a2ab1c2f9437c8992c86722361147 (diff)
buildsys: Add helper to list suid applets
Add a helper script that lists all applets that - do or may require SUID privileges (busybox.cfg.suid) - do not require SUID privileges (busybox.cfg.nosuid) Some setups prefer to build two busybox binaries, one that is suid which contains all applets that do or may require suid privileges, and a second one for all the rest (which drops suid). To ease splitting these two binaries, generate a list of CONFIG_ items for the suid binary. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
-rw-r--r--Makefile.custom7
-rwxr-xr-xapplets/busybox.mksuid54
-rw-r--r--include/applets.src.h9
-rw-r--r--scripts/kconfig/confdata.c24
4 files changed, 88 insertions, 6 deletions
diff --git a/Makefile.custom b/Makefile.custom
index 6da79e6..3561e57 100644
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -3,7 +3,12 @@
# ==========================================================================
busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
- $(Q)-$(SHELL) $^ >$@
+ $(Q)-$(SHELL) $^ > $@
+
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+ $(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+ $(Q)-SUID="DROP" $(SHELL) $^ > $@
.PHONY: install
ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
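Review bot: The two new recipes for `busybox.cfg.suid` and `busybox.cfg.nosuid` keep the leading `-` and redirect straight into `$@`, so a failing helper still leaves a target file that make treats as up to date. These lists decide which applets go into the setuid binary, so an empty or partial list is worse than a failed build. I would drop the `-` and write through a temporary, e.g. `$(Q)SUID="yes" $(SHELL) $^ > $@.tmp && mv $@.tmp $@`, and the same for the `DROP` rule. The script's third argument is never passed, so it falls back to `.config` in the current directory; passing the path explicitly would remove that dependence on where make runs.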
diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
new file mode 100755
index 0000000..6492c07
--- /dev/null
+++ b/applets/busybox.mksuid
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+[dD][rR][oO][pP]) USE="DROP" ;;
+*) USE="suid" ;;
+esac
+
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+ awk -v USE=${USE} '
+ /^SUID[ \t]/{
+ if (USE == "DROP") {
+ if ($2 != "BB_SUID_DROP") next
+ } else {
+ if ($2 == "BB_SUID_DROP") next
+ }
+ cfg = $NF
+ gsub("\"", "", cfg)
+ cfg = substr(cfg, 8)
+ s[i++] = "CONFIG_" cfg
+ s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+ }
+ END{
+ while (getline < ARGV[2]) {
+ for (j in s) {
+ if ($0 ~ "^" s[j] "=y$") {
+ sub(/=.*/, "")
+ print
+ if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+ }
+ }
+ }
+ }
+' - $DOT_CONFIG
+
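Review bot: In the `END` block, `while (getline < ARGV[2])` never terminates when `.config` is missing or unreadable, because `getline` returns -1 on error and that is true in awk; it should be `while ((getline < ARGV[2]) > 0) {`. The exit status of `$HOSTCC -E ... | awk` is awk's alone, so a preprocessor failure yields an empty list and a zero status; checking that at least one `SUID` line was read and exiting non-zero otherwise would catch it. The expansions `$CONFIG_H $APPLETS_H` and `$DOT_CONFIG` are unquoted, so a build path containing spaces splits into several arguments; quote them as `"$CONFIG_H" "$APPLETS_H"` and `- "$DOT_CONFIG"`. The header comment also describes stdout only as the list that "do or may require suid", although the script emits the non-suid list when `SUID` is unset or `DROP`.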
diff --git a/include/applets.src.h b/include/applets.src.h
index 00172b1..aa319bb 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s - suid type:
# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
# define APPLET_NOFORK(name,main,l,s,name2) LINK l name
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s) SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name
+
#else
static struct bb_applet applets[] = { /* name, main, location, need_suid */
# define APPLET(name,l,s) { #name, #name, l, s },
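Review bot: The new `#elif defined(MAKE_SUID)` branch has no comment saying that its output is a format parsed by `applets/busybox.mksuid`. That script matches lines beginning with `SUID`, compares field 2 against the literal `BB_SUID_DROP` and takes the last field as the config name. I would add `/* MAKE_SUID: emits "SUID <suid-type> <dir> <name>" for applets/busybox.mksuid; field 2 must stay the unexpanded BB_SUID_* token */` above the four defines. The coupling matters because, if `BB_SUID_DROP` were ever made a preprocessor macro, it would presumably be expanded here and the suid/nosuid classification would silently change. The enclosing `#if` chain starts outside this hunk.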
@@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+ && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
};
#endif
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index bd2d70e..303df0b 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
/* bbox */
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#ifdef MAKE_SUID\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+ fprintf(out_h, "#else\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#endif\n");
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
}
break;
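Review bot: The same five `fprintf` lines emitting the `#ifdef MAKE_SUID` variant of `IF_%s` are pasted into four `case` arms of `conf_write()`: here and in the hunks at -506, -518 and -532. A small static helper would keep the four copies from drifting apart, which matters because the appended `"CONFIG_%s"` string is what the suid list generator reads back. One thing to confirm: if any applet line is wrapped in more than one `IF_` macro, each wrapper would append its own string and only the outermost would end up as the last field. `conf_write()` begins and ends outside these hunks.

```c
/* Emit the IF_<name>() helper; under MAKE_SUID it also appends the
 * CONFIG_ name so applets/busybox.mksuid can read it back. */
static void conf_write_if_macro(FILE *out_h, const char *name)
{
	fprintf(out_h, "#ifdef MAKE_SUID\n");
	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", name, name);
	fprintf(out_h, "#else\n");
	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", name);
	fprintf(out_h, "#endif\n");
}

/* … unchanged: conf_write() up to the ENABLE_ line of each case … */
				fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
				conf_write_if_macro(out_h, sym->name);
```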
@@ -506,7 +510,11 @@ int conf_write(const char *name)
fputs("\"\n", out_h);
/* bbox */
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#ifdef MAKE_SUID\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+ fprintf(out_h, "#else\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#endif\n");
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
}
break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
/* bbox */
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#ifdef MAKE_SUID\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+ fprintf(out_h, "#else\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#endif\n");
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
}
break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
/* bbox */
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
- fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#ifdef MAKE_SUID\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+ fprintf(out_h, "#else\n");
+ fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+ fprintf(out_h, "#endif\n");
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
}
break;