buildsys: Add helper to list suid applets
Add a helper script that lists all applets that - do or may require SUID privileges (busybox.cfg.suid) - do not require SUID privileges (busybox.cfg.nosuid) Some setups prefer to build two busybox binaries, one that is suid which contains all applets that do or may require suid privileges, and a second one for all the rest (which drops suid). To ease splitting these two binaries, generate a list of CONFIG_ items for the suid binary. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
parent
7801148a81
commit
9078633fee
@ -3,7 +3,12 @@
|
|||||||
# ==========================================================================
|
# ==========================================================================
|
||||||
|
|
||||||
busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
|
busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
|
||||||
$(Q)-$(SHELL) $^ >$@
|
$(Q)-$(SHELL) $^ > $@
|
||||||
|
|
||||||
|
busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
|
||||||
|
$(Q)-SUID="yes" $(SHELL) $^ > $@
|
||||||
|
busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
|
||||||
|
$(Q)-SUID="DROP" $(SHELL) $^ > $@
|
||||||
|
|
||||||
.PHONY: install
|
.PHONY: install
|
||||||
ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
|
ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
|
||||||
|
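Review bot: Both new recipes start with `-`, so make ignores a failing `busybox.mksuid`, and because stdout is redirected straight into `$@`, a failed or partial run still leaves an up-to-date-looking `busybox.cfg.suid` or `busybox.cfg.nosuid` behind. These lists decide which applets go into the setuid binary, so an empty or truncated file should stop the build rather than be consumed. Consider dropping the `-` and writing through a temporary, e.g. `$(Q)SUID="yes" $(SHELL) $^ > $@.tmp && mv $@.tmp $@`. The recipes also pass only autoconf.h and applets.h via `$^`, so the script falls back to `.config` in the current directory, and `.config` is not a prerequisite of either target.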
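--- a/applets/busybox.mksuid
+++ b/applets/busybox.mksuid
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+[dD][rR][oO][pP]) USE="DROP" ;;
+*) USE="suid" ;;
+esac
+
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+awk -v USE=${USE} '
+/^SUID[ \t]/{
+if (USE == "DROP") {
+if ($2 != "BB_SUID_DROP") next
+} else {
+if ($2 == "BB_SUID_DROP") next
+}
+cfg = $NF
+gsub("\"", "", cfg)
+cfg = substr(cfg, 8)
+s[i++] = "CONFIG_" cfg
+s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+}
+END{
+while (getline < ARGV[2]) {
+for (j in s) {
+if ($0 ~ "^" s[j] "=y$") {
+sub(/=.*/, "")
+print
+if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+}
+}
+}
+}
+' - $DOT_CONFIG
+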
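Review bot: `while (getline < ARGV[2])` in the END block treats getline's error return of -1 as true, so an unreadable `.config` (the default for `$3` is `.config` relative to the working directory) can loop forever on awk implementations that do not abort on the missing file operand; `while ((getline < ARGV[2]) > 0) {` ends the loop on both EOF and error. Separately, the pipeline's exit status is awk's, so if `$HOSTCC` is unset or the preprocessor fails, the script prints an empty list and still exits 0. A guard such as `: "${HOSTCC:?HOSTCC is not set}"` before the pipeline makes that failure visible instead of producing a list that silently classifies nothing. Quoting `"$CONFIG_H"`, `"$APPLETS_H"` and `"$DOT_CONFIG"` would also keep paths containing spaces intact.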
@ -52,6 +52,12 @@ s - suid type:
|
|||||||
# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
|
# define APPLET_NOEXEC(name,main,l,s,name2) LINK l name
|
||||||
# define APPLET_NOFORK(name,main,l,s,name2) LINK l name
|
# define APPLET_NOFORK(name,main,l,s,name2) LINK l name
|
||||||
|
|
||||||
|
#elif defined(MAKE_SUID)
|
||||||
|
# define APPLET(name,l,s) SUID s l name
|
||||||
|
# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
|
||||||
|
# define APPLET_NOEXEC(name,main,l,s,name2) SUID s l name
|
||||||
|
# define APPLET_NOFORK(name,main,l,s,name2) SUID s l name
|
||||||
|
|
||||||
#else
|
#else
|
||||||
static struct bb_applet applets[] = { /* name, main, location, need_suid */
|
static struct bb_applet applets[] = { /* name, main, location, need_suid */
|
||||||
# define APPLET(name,l,s) { #name, #name, l, s },
|
# define APPLET(name,l,s) { #name, #name, l, s },
|
||||||
@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
|
|||||||
IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
|
IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
|
||||||
IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
|
IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
|
||||||
|
|
||||||
#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
|
#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
|
||||||
|
&& !defined(MAKE_LINKS) && !defined(MAKE_SUID)
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
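Review bot: The new `MAKE_SUID` branch in the first hunk has no comment describing the line format it emits or what consumes it, and the `s - suid type:` legend named in the hunk header lies outside the hunk. Each `APPLET*` macro expands to `SUID s l name`; applets/busybox.mksuid filters on field 2 and takes the option name from the last field, which is only there because `IF_<opt>()` appends `"CONFIG_<opt>"` when `MAKE_SUID` is defined. I would add `/* MAKE_SUID: emit "SUID <suid-type> <dir> <name>" for applets/busybox.mksuid; the trailing "CONFIG_x" token is appended by IF_x() in the generated config header */` above the `#elif`. It is also worth noting there that an applet line not wrapped in an `IF_` macro would hand the script an applet name where it expects an option name.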
@ -474,7 +474,11 @@ int conf_write(const char *name)
|
|||||||
fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
|
fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
|
||||||
/* bbox */
|
/* bbox */
|
||||||
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
||||||
fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
|
fprintf(out_h, "#ifdef MAKE_SUID\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
|
||||||
|
fprintf(out_h, "#else\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
|
||||||
|
fprintf(out_h, "#endif\n");
|
||||||
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -506,7 +510,11 @@ int conf_write(const char *name)
|
|||||||
fputs("\"\n", out_h);
|
fputs("\"\n", out_h);
|
||||||
/* bbox */
|
/* bbox */
|
||||||
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
||||||
fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
|
fprintf(out_h, "#ifdef MAKE_SUID\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
|
||||||
|
fprintf(out_h, "#else\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
|
||||||
|
fprintf(out_h, "#endif\n");
|
||||||
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -518,7 +526,11 @@ int conf_write(const char *name)
|
|||||||
fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
|
fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
|
||||||
/* bbox */
|
/* bbox */
|
||||||
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
||||||
fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
|
fprintf(out_h, "#ifdef MAKE_SUID\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
|
||||||
|
fprintf(out_h, "#else\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
|
||||||
|
fprintf(out_h, "#endif\n");
|
||||||
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -532,7 +544,11 @@ int conf_write(const char *name)
|
|||||||
fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
|
fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
|
||||||
/* bbox */
|
/* bbox */
|
||||||
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
|
||||||
fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
|
fprintf(out_h, "#ifdef MAKE_SUID\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
|
||||||
|
fprintf(out_h, "#else\n");
|
||||||
|
fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
|
||||||
|
fprintf(out_h, "#endif\n");
|
||||||
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
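Review bot: The same five `fprintf` lines are pasted into four cases of `conf_write()` (the hunks at -474, -506, -518 and -532), so any later change to the `MAKE_SUID` form of `IF_<sym>()` has to be made four times and can drift between symbol types. A small static helper called from each case would keep the emitted header identical across cases and gives one place to document why the `"CONFIG_<sym>"` string is appended. The body of `conf_write()` starts and ends outside these hunks, so the placement below is a sketch of the call site only.

```c
/* bbox: under MAKE_SUID, IF_<sym>() also appends "CONFIG_<sym>" so that
 * applets/busybox.mksuid can map each applet line back to its option. */
static void conf_write_if_macro(FILE *out_h, const char *name)
{
	fprintf(out_h, "#ifdef MAKE_SUID\n");
	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", name, name);
	fprintf(out_h, "#else\n");
	fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", name);
	fprintf(out_h, "#endif\n");
}

/* … unchanged: CONFIG_%s / ENABLE_%s defines in each case … */
			conf_write_if_macro(out_h, sym->name);
/* … unchanged: IF_NOT_%s define … */
```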