path: root/meta/recipes-core/busybox/busybox/busybox-list-suid-and-non-suid-app-configs.patch
Make busybox have the ability to list configuration items regarding suid
apps and non-suid apps separately.

From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Date: Mon, 17 Jun 2013 11:06:05 +0800
Subject: [PATCH] busybox: list suid and non-suid app configs

Upstream-Status: Pending

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>

---
 Makefile.custom            |    4 ++++
 applets/busybox.mksuid     |   53 ++++++++++++++++++++++++++++++++++++++++++++
 include/applets.src.h      |    9 +++++++-
 scripts/kconfig/confdata.c |   24 ++++++++++++++++----
 4 files changed, 85 insertions(+), 5 deletions(-)
 create mode 100644 applets/busybox.mksuid

diff --git a/Makefile.custom b/Makefile.custom
index 6da79e6..a276d6f 100644
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -4,6 +4,10 @@
 
 busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
 	$(Q)-$(SHELL) $^ >$@
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+	$(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+	$(Q)-SUID="DROP" $(SHELL) $^ > $@
 
 .PHONY: install
 ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
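Review bot: The leading `-` on both new recipe lines makes make ignore a failing busybox.mksuid run, and the redirection has already created or truncated `$@` by then, so a broken run leaves an empty busybox.cfg.suid or busybox.cfg.nosuid that looks up to date on the next build. The existing busybox.links rule does the same, but an empty suid list presumably changes which applets a consumer treats as needing setuid, so a silent failure matters more here. I would drop the `-` and write through a temporary file, e.g. `$(Q)SUID="yes" $(SHELL) $^ > $@.tmp && mv $@.tmp $@`. Only two of the script's three inputs are passed, so `.config` is taken from the current directory; a one-line comment above the rules should say so.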
diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
new file mode 100644
index 0000000..e11a7a1
--- /dev/null
+++ b/applets/busybox.mksuid
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+    [dD][rR][oO][pP]) USE="DROP" ;;
+    *) USE="suid" ;;
+esac
+
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+  awk -v USE=${USE} '
+    /^SUID[ \t]/{
+      if (USE == "DROP") {
+        if ($2 != "BB_SUID_DROP") next
+      } else {
+        if ($2 == "BB_SUID_DROP") next
+      }
+      cfg = $NF
+      gsub("\"", "", cfg)
+      cfg = substr(cfg, 8)
+      s[i++] = "CONFIG_" cfg
+      s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+    }
+    END{
+      while (getline < ARGV[2]) {
+        for (j in s) {
+          if ($0 ~ "^" s[j] "=y$") {
+            sub(/=.*/, "")
+            print
+            if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+          }
+        }
+      }
+    }
+' - $DOT_CONFIG
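Review bot: A missing or failing `$HOSTCC` is invisible here: the variable has no default, the pipeline's exit status is awk's, and awk on empty input prints nothing, so the script exits 0 with an empty list. Guard it before the pipeline with `: "${HOSTCC:?HOSTCC is not set}"`, and consider preprocessing into a temporary file so the compiler's status can be checked. In the END block, `while (getline < ARGV[2])` never terminates when the config file cannot be read, because getline returns -1 there; `while ((getline < ARGV[2]) > 0)` is the safe form. The expansions `$CONFIG_H`, `$APPLETS_H`, `$DOT_CONFIG` and `${USE}` are unquoted, and the header comment's "output" line describes only the suid case although the default mode lists the non-suid options.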
diff --git a/include/applets.src.h b/include/applets.src.h
index 02b995b..8386c84 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s     - suid type:
 # define APPLET_NOEXEC(name,main,l,s,name2)  LINK l name
 # define APPLET_NOFORK(name,main,l,s,name2)  LINK l name
 
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s)                    SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2)  SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2)  SUID s l name
+
 #else
   static struct bb_applet applets[] = { /*    name, main, location, need_suid */
 # define APPLET(name,l,s)                    { #name, #name, l, s },
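Review bot: The MAKE_SUID branch defines a line format that applets/busybox.mksuid parses by position, and nothing here documents that coupling. The awk code takes field 2 as the suid type and the last field as the quoted `"CONFIG_xxx"` that IF_xxx() appends under MAKE_SUID, so an APPLET entry not wrapped in an IF_ macro would end in the applet name and `substr(cfg, 8)` would yield a bogus option name. I would add a comment above the `#elif`, e.g. `/* MAKE_SUID: emit "SUID <suid> <dir> <name>" for busybox.mksuid; IF_xxx() appends the owning "CONFIG_xxx" */`. The surrounding #if chain starts outside the hunk.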
@@ -414,7 +420,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
 IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
 IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
 
-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+    && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
 };
 #endif
 
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index bd2d70e..303df0b 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
 						fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
 						/* bbox */
 						fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-						fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#ifdef MAKE_SUID\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+						fprintf(out_h, "#else\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#endif\n");
 						fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 					}
 					break;
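Review bot: The same five-line `#ifdef MAKE_SUID` emission is pasted into four cases of conf_write (this hunk and the ones at -506, -518 and -532), so any later change to the IF_ macro form has to be made four times. A small static helper taking the output stream and the symbol name, called as `conf_write_if_macro(out_h, sym->name);`, would keep them in step and give one place for a comment explaining that the appended string literal exists only for applets/busybox.mksuid. Because every IF_xxx in autoconf.h gains the suffix under MAKE_SUID, nested IF_ uses would emit several strings and the script reads only the last field; that is probably harmless for applets.h but is worth stating in that comment. conf_write's body continues outside these hunks.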
@@ -506,7 +510,11 @@ int conf_write(const char *name)
 					fputs("\"\n", out_h);
 					/* bbox */
 					fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-					fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#ifdef MAKE_SUID\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+					fprintf(out_h, "#else\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#endif\n");
 					fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 				}
 				break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
 						fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
 						/* bbox */
 						fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-						fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#ifdef MAKE_SUID\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+						fprintf(out_h, "#else\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#endif\n");
 						fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 					}
 					break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
 					fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
 					/* bbox */
 					fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-					fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#ifdef MAKE_SUID\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+					fprintf(out_h, "#else\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#endif\n");
 					fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 				}
 				break;
-- 
1.7.9.5