Make busybox have the ability to list configuration items regarding suid apps and non-suid apps separately. From: Bernhard Reutner-Fischer Date: Mon, 17 Jun 2013 11:06:05 +0800 Subject: [PATCH] busybox: list suid and non-suid app configs Upstream-Status: Pending Signed-off-by: Chen Qi --- Makefile.custom | 4 ++++ applets/busybox.mksuid | 53 ++++++++++++++++++++++++++++++++++++++++++++ include/applets.src.h | 9 +++++++- scripts/kconfig/confdata.c | 24 ++++++++++++++++---- 4 files changed, 85 insertions(+), 5 deletions(-) create mode 100644 applets/busybox.mksuid diff --git a/Makefile.custom b/Makefile.custom index 6da79e6..a276d6f 100644 --- a/Makefile.custom +++ b/Makefile.custom @@ -4,6 +4,10 @@ busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h $(Q)-$(SHELL) $^ >$@ +busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h + $(Q)-SUID="yes" $(SHELL) $^ > $@ +busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h + $(Q)-SUID="DROP" $(SHELL) $^ > $@ .PHONY: install ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y) diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid new file mode 100644 index 0000000..e11a7a1 --- /dev/null +++ b/applets/busybox.mksuid @@ -0,0 +1,53 @@ +#!/bin/sh +# Make list of configuration variables regarding suid handling + +# input $1: full path to autoconf.h +# input $2: full path to applets.h +# input $3: full path to .config +# output (stdout): list of CONFIG_ that do or may require suid + +# If the environment variable SUID is not set or set to DROP, +# lists all config options that do not require suid permissions. +# Otherwise, lists all config options for applets that DO or MAY require +# suid permissions. + +# Maintainer: Bernhard Reutner-Fischer + +export LC_ALL=POSIX +export LC_CTYPE=POSIX + +CONFIG_H=${1:-include/autoconf.h} +APPLETS_H=${2:-include/applets.h} +DOT_CONFIG=${3:-.config} + +case ${SUID:-DROP} in + [dD][rR][oO][pP]) USE="DROP" ;; + *) USE="suid" ;; +esac + +$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H | + awk -v USE=${USE} ' + /^SUID[ \t]/{ + if (USE == "DROP") { + if ($2 != "BB_SUID_DROP") next + } else { + if ($2 == "BB_SUID_DROP") next + } + cfg = $NF + gsub("\"", "", cfg) + cfg = substr(cfg, 8) + s[i++] = "CONFIG_" cfg + s[i++] = "CONFIG_FEATURE_" cfg "_.*" + } + END{ + while (getline < ARGV[2]) { + for (j in s) { + if ($0 ~ "^" s[j] "=y$") { + sub(/=.*/, "") + print + if (s[j] !~ /\*$/) delete s[j] # can drop this applet now + } + } + } + } +' - $DOT_CONFIG diff --git a/include/applets.src.h b/include/applets.src.h index 02b995b..8386c84 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -52,6 +52,12 @@ s - suid type: # define APPLET_NOEXEC(name,main,l,s,name2) LINK l name # define APPLET_NOFORK(name,main,l,s,name2) LINK l name +#elif defined(MAKE_SUID) +# define APPLET(name,l,s) SUID s l name +# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name +# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name +# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name + #else static struct bb_applet applets[] = { /* name, main, location, need_suid */ # define APPLET(name,l,s) { #name, #name, l, s }, @@ -414,7 +420,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes)) IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat)) IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP)) -#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) +#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \ + && !defined(MAKE_LINKS) && !defined(MAKE_SUID) }; #endif diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c index bd2d70e..303df0b 100644 --- a/scripts/kconfig/confdata.c +++ b/scripts/kconfig/confdata.c @@ -474,7 +474,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s 1\n", sym->name); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -506,7 +510,11 @@ int conf_write(const char *name) fputs("\"\n", out_h); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -518,7 +526,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; @@ -532,7 +544,11 @@ int conf_write(const char *name) fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str); /* bbox */ fprintf(out_h, "#define ENABLE_%s 1\n", sym->name); - fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#ifdef MAKE_SUID\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name); + fprintf(out_h, "#else\n"); + fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name); + fprintf(out_h, "#endif\n"); fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name); } break; -- 1.7.9.5