buildsys: Add helper to list suid applets

Add a helper script that lists all applets that - do or may require SUID provileges (busybox.cfg.suid) - do not require SUID provileges (busybox.cfg.nosuid) Some setups prefer to build two busybox binaries, one that is suid which contains all applets that do or may require suid privileges, and a second one for all the rest (which drops suid). To ease splitting these two binaries, generate a list of CONFIG_ items for the suid binary. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
author: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> 2013-06-10 17:08:22 +0200
committer: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> 2013-07-26 13:39:46 +0200
commit: 9078633feeb129d679c97d900807ef2d5b253b65 (patch)
tree: 153f82ae904f01bcba2edd6197b7f5995a013a05
parent: 7801148a816a2ab1c2f9437c8992c86722361147 (diff)
download: busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.tar.gz
busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.tar.bz2
busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.zip
4 files changed, 88 insertions, 6 deletions
diff --git a/Makefile.custom b/Makefile.custom
index 6da79e6e4..3561e5768 100644
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -3,7 +3,12 @@
 # ==========================================================================
 busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
-        $(Q)-$(SHELL) $^ >$@
+        $(Q)-$(SHELL) $^ > $@
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+        $(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+        $(Q)-SUID="DROP" $(SHELL) $^ > $@
 .PHONY: install
 ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
new file mode 100755
index 000000000..6492c079a
--- /dev/null
+++ b/applets/busybox.mksuid
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+# Maintainer: Bernhard Reutner-Fischer
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+case ${SUID:-DROP} in
+[dD][rR][oO][pP]) USE="DROP" ;;
+*) USE="suid" ;;
+esac
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+  awk -v USE=${USE} '
+    /^SUID[ \t]/{
+      if (USE == "DROP") {
+        if ($2 != "BB_SUID_DROP") next
+      } else {
+        if ($2 == "BB_SUID_DROP") next
+      }
+      cfg = $NF
+      gsub("\"", "", cfg)
+      cfg = substr(cfg, 8)
+      s[i++] = "CONFIG_" cfg
+      s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+    }
+    END{
+      while (getline < ARGV[2]) {
+        for (j in s) {
+          if ($0 ~ "^" s[j] "=y$") {
+            sub(/=.*/, "")
+            print
+            if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+          }
+        }
+      }
+    }
+' - $DOT_CONFIG
diff --git a/include/applets.src.h b/include/applets.src.h
index 00172b1bc..aa319bbc9 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s     - suid type:
 # define APPLET_NOEXEC(name,main,l,s,name2)  LINK l name
 # define APPLET_NOFORK(name,main,l,s,name2)  LINK l name
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s)                    SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2)  SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2)  SUID s l name
 #else
  static struct bb_applet applets[] = { /*    name, main, location, need_suid */
 # define APPLET(name,l,s)                    { #name, #name, l, s },
@@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
 IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
 IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+        && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
 };
 #endif
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index bd2d70e19..303df0be7 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
                                                fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
                                                /* bbox */
                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                                fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                                fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                                fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                                fprintf(out_h, "#else\n");
+                                                fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                                fprintf(out_h, "#endif\n");
                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                        }
                                        break;
@@ -506,7 +510,11 @@ int conf_write(const char *name)
                                        fputs("\"\n", out_h);
                                        /* bbox */
                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                        fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                        fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                        fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                        fprintf(out_h, "#else\n");
+                                        fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                        fprintf(out_h, "#endif\n");
                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                }
                                break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
                                                fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
                                                /* bbox */
                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                                fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                                fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                                fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                                fprintf(out_h, "#else\n");
+                                                fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                                fprintf(out_h, "#endif\n");
                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                        }
                                        break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
                                        fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
                                        /* bbox */
                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                        fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                        fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                        fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                        fprintf(out_h, "#else\n");
+                                        fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                        fprintf(out_h, "#endif\n");
                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                }
                                break;
author	Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>	2013-06-10 17:08:22 +0200
committer	Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>	2013-07-26 13:39:46 +0200
commit	9078633feeb129d679c97d900807ef2d5b253b65 (patch)
tree	153f82ae904f01bcba2edd6197b7f5995a013a05
parent	7801148a816a2ab1c2f9437c8992c86722361147 (diff)
download	busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.tar.gz busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.tar.bz2 busybox-w32-9078633feeb129d679c97d900807ef2d5b253b65.zip

diff --git a/Makefile.custom b/Makefile.custom index 6da79e6e4..3561e5768 100644 --- a/Makefile.custom +++ b/Makefile.custom
@@ -3,7 +3,12 @@
3	# ==========================================================================	3	# ==========================================================================
4		4
5	busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h	5	busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
6	$(Q)-$(SHELL) $^ >$@	6	$(Q)-$(SHELL) $^ > $@
		7
		8	busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
		9	$(Q)-SUID="yes" $(SHELL) $^ > $@
		10	busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
		11	$(Q)-SUID="DROP" $(SHELL) $^ > $@
7		12
8	.PHONY: install	13	.PHONY: install
9	ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)	14	ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)


diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid new file mode 100755 index 000000000..6492c079a --- /dev/null +++ b/applets/busybox.mksuid
@@ -0,0 +1,54 @@
		1	#!/bin/sh
		2	# Make list of configuration variables regarding suid handling
		3
		4	# input $1: full path to autoconf.h
		5	# input $2: full path to applets.h
		6	# input $3: full path to .config
		7	# output (stdout): list of CONFIG_ that do or may require suid
		8
		9	# If the environment variable SUID is not set or set to DROP,
		10	# lists all config options that do not require suid permissions.
		11	# Otherwise, lists all config options for applets that DO or MAY require
		12	# suid permissions.
		13
		14	# Maintainer: Bernhard Reutner-Fischer
		15
		16	export LC_ALL=POSIX
		17	export LC_CTYPE=POSIX
		18
		19	CONFIG_H=${1:-include/autoconf.h}
		20	APPLETS_H=${2:-include/applets.h}
		21	DOT_CONFIG=${3:-.config}
		22
		23	case ${SUID:-DROP} in
		24	[dD][rR][oO][pP]) USE="DROP" ;;
		25	*) USE="suid" ;;
		26	esac
		27
		28	$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H \|
		29	awk -v USE=${USE} '
		30	/^SUID[ \t]/{
		31	if (USE == "DROP") {
		32	if ($2 != "BB_SUID_DROP") next
		33	} else {
		34	if ($2 == "BB_SUID_DROP") next
		35	}
		36	cfg = $NF
		37	gsub("\"", "", cfg)
		38	cfg = substr(cfg, 8)
		39	s[i++] = "CONFIG_" cfg
		40	s[i++] = "CONFIG_FEATURE_" cfg "_.*"
		41	}
		42	END{
		43	while (getline < ARGV[2]) {
		44	for (j in s) {
		45	if ($0 ~ "^" s[j] "=y$") {
		46	sub(/=.*/, "")
		47	print
		48	if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
		49	}
		50	}
		51	}
		52	}
		53	' - $DOT_CONFIG
		54


diff --git a/include/applets.src.h b/include/applets.src.h index 00172b1bc..aa319bbc9 100644 --- a/include/applets.src.h +++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s - suid type:
52	# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name	52	# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
53	# define APPLET_NOFORK(name,main,l,s,name2) LINK l name	53	# define APPLET_NOFORK(name,main,l,s,name2) LINK l name
54		54
		55	#elif defined(MAKE_SUID)
		56	# define APPLET(name,l,s) SUID s l name
		57	# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
		58	# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name
		59	# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name
		60
55	#else	61	#else
56	static struct bb_applet applets[] = { /* name, main, location, need_suid */	62	static struct bb_applet applets[] = { /* name, main, location, need_suid */
57	# define APPLET(name,l,s) { #name, #name, l, s },	63	# define APPLET(name,l,s) { #name, #name, l, s },
@@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
415	IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))	421	IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
416	IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))	422	IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
417		423
418	#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)	424	#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
		425	&& !defined(MAKE_LINKS) && !defined(MAKE_SUID)
419	};	426	};
420	#endif	427	#endif
421		428


diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c index bd2d70e19..303df0be7 100644 --- a/scripts/kconfig/confdata.c +++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
474	fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);	474	fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
475	/* bbox */	475	/* bbox */
476	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);	476	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
477	fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);	477	fprintf(out_h, "#ifdef MAKE_SUID\n");
		478	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		479	fprintf(out_h, "#else\n");
		480	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		481	fprintf(out_h, "#endif\n");
478	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);	482	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
479	}	483	}
480	break;	484	break;
@@ -506,7 +510,11 @@ int conf_write(const char *name)
506	fputs("\"\n", out_h);	510	fputs("\"\n", out_h);
507	/* bbox */	511	/* bbox */
508	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);	512	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
509	fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);	513	fprintf(out_h, "#ifdef MAKE_SUID\n");
		514	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		515	fprintf(out_h, "#else\n");
		516	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		517	fprintf(out_h, "#endif\n");
510	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);	518	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
511	}	519	}
512	break;	520	break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
518	fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);	526	fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
519	/* bbox */	527	/* bbox */
520	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);	528	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
521	fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);	529	fprintf(out_h, "#ifdef MAKE_SUID\n");
		530	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		531	fprintf(out_h, "#else\n");
		532	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		533	fprintf(out_h, "#endif\n");
522	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);	534	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
523	}	535	}
524	break;	536	break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
532	fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);	544	fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
533	/* bbox */	545	/* bbox */
534	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);	546	fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
535	fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);	547	fprintf(out_h, "#ifdef MAKE_SUID\n");
		548	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
		549	fprintf(out_h, "#else\n");
		550	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
		551	fprintf(out_h, "#endif\n");
536	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);	552	fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
537	}	553	}
538	break;	554	break;