[OE-core] [PATCH] busybox.inc: Add sanity check to test if the suid binary provides sh

Andrej Valek andrej.valek at siemens.com
Fri Nov 10 12:16:24 UTC 2017


OK, I am fine with that. So the user will be informed and the build will be
stopped.

Andrej

On 11/10/2017 01:10 PM, Burton, Ross wrote:
> *Nobody* wants /bin/sh to be suid root, and it's been a recurring theme of 
> previous upgrades that a misconfiguration would result in just that.
> 
> Ross
> 
> On 10 November 2017 at 12:07, Andrej Valek <andrej.valek at siemens.com> wrote:
> 
>     Of course, I don't think that /bin/sh > /bin/busybox.suid is a good
>     thing. I am just thinking, why is it necessary to cast a fatal message and
>     stop the build for someone who wants this?
> 
>     Andrej
> 
>     On 11/10/2017 12:57 PM, Burton, Ross wrote:
>     > How is /bin/sh being busybox.suid a good thing?
>     >
>     > Ross
>     >
>     > On 10 November 2017 at 07:17, Andrej Valek <andrej.valek at siemens.com> wrote:
>     >
>     >     I don't think that adding bbfatal into this recipe is a good
>     >     solution. Someone could build busybox with /bin/sh linking into
>     >     .suid, e.g. for more security. We can live with this one as before.
>     >
>     >     Andrej
>     >
>     >     On 11/09/2017 02:25 PM, Nathan Rossi wrote:
>     >      > Add a sanity check during the do_compile task to fail if the suid
>     >      > busybox provides /bin/sh. This is considered as a hard fail since not
>     >      > only is providing sh as suid problematic for security reasons but also
>     >      > because the sh configured for suid is less functional than the nosuid
>     >      > configured sh and breaks a number of required features (e.g. 64-bit
>     >      > test).
>     >      >
>     >      > Signed-off-by: Nathan Rossi <nathan at nathanrossi.com>
>     >      > Cc: Ross Burton <ross.burton at intel.com>
>      >      > ---
>      >      >  meta/recipes-core/busybox/busybox.inc | 6 ++++++
>      >      >  1 file changed, 6 insertions(+)
>      >      >
>      >      > diff --git a/meta/recipes-core/busybox/busybox.inc
>      >     b/meta/recipes-core/busybox/busybox.inc
>      >      > index 4012f921c6..157aea3968 100644
>      >      > --- a/meta/recipes-core/busybox/busybox.inc
>      >      > +++ b/meta/recipes-core/busybox/busybox.inc
>      >      > @@ -183,6 +183,12 @@ do_compile() {
>      >      >                       oe_runmake busybox.links
>      >      >                       mv busybox.links busybox.links.$s
>      >      >               done
>      >      > +
>      >      > +             # hard fail if sh is being linked to the suid busybox
>      >     (detects bug 10346)
>      >      > +             if grep -q -x "/bin/sh" busybox.links.suid; then
>      >      > +                     bbfatal "busybox suid binary incorrectly
>     provides
>      >     /bin/sh"
>      >      > +             fi
>      >      > +
>      >      >               # copy .config.orig back to .config, because the install
>      >     process may check this file
>      >      >               cp .config.orig .config
>      >      >               # cleanup
>      >      >
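Review bot: the `grep -q -x "/bin/sh" busybox.links.suid` assumes the suid links file exists, but the loop above only shows it being written as `busybox.links.$s`; for a configuration that does not produce the suid variant, grep prints a "No such file" error into the build log and the check is silently skipped. Guard it with `[ -f busybox.links.suid ]` before the grep so that the skip is deliberate rather than accidental. The bbfatal message would also help the user more if it named what to change (the suid link configuration that put /bin/sh there), since "incorrectly provides /bin/sh" alone says what is wrong but not where to fix it; and the comment's "bug 10346" should name the tracker it refers to.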
> 
> 
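Nathan's patch catches the misconfiguration at build time from busybox.links.suid; as an added example (not code from the patch or from the OE-core busybox recipe), the shell function below audits a staged root filesystem for the same problem, any `sh` whose resolved target carries the setuid bit. The root layout, the busybox.suid/busybox.nosuid file names and their contents are constructed fixtures for the demonstration.

```shell
# Added example, not from the patch or the OE-core busybox recipe: audit a
# staged root filesystem for any "sh" that resolves to a setuid binary.
# Root layout, binary names and contents below are constructed fixtures.

# Print every path named "sh" whose resolved target carries the setuid bit.
# Returns 1 if one exists (the misconfiguration the patch's bbfatal guards
# against at build time), 0 otherwise.
find_suid_sh() {
    rootfs="$1"
    found=0
    for link in $(find "$rootfs" -name sh \( -type l -o -type f \)); do
        target=$(readlink -f "$link") || continue
        if [ -u "$target" ]; then
            echo "setuid sh: $link -> $target"
            found=1
        fi
    done
    return "$found"
}

# Constructed fixture mirroring a split busybox install: busybox.suid has the
# set-user-id bit, busybox.nosuid is a plain executable.
make_fixture() {
    mkdir -p "$1/bin"
    printf '#!/bin/sh\n' > "$1/bin/busybox.nosuid"
    printf '#!/bin/sh\n' > "$1/bin/busybox.suid"
    chmod 0755 "$1/bin/busybox.nosuid"
    chmod 4755 "$1/bin/busybox.suid"
}

# Misconfigured rootfs: /bin/sh is a link to the suid binary.
bad_root=$(mktemp -d)
make_fixture "$bad_root"
ln -s busybox.suid "$bad_root/bin/sh"

# Correct rootfs: /bin/sh is a link to the nosuid binary.
good_root=$(mktemp -d)
make_fixture "$good_root"
ln -s busybox.nosuid "$good_root/bin/sh"

# Reports bin/sh -> busybox.suid and returns 1
find_suid_sh "$bad_root" || echo "audit failed as expected (rc=$?)"
# Prints nothing and returns 0
find_suid_sh "$good_root" && echo "clean rootfs"
```

The same walk can be run against an image's extracted rootfs before it is flashed, which also catches a suid-bit change introduced after the links file was generated.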