[oe] [PATCH] Fix busybox SUID support

Tom Rini tom_rini at mentor.com
Tue Feb 23 20:14:39 UTC 2010


On Tue, 2010-02-23 at 11:51 -0800, Khem Raj wrote:
> On Tue, Feb 23, 2010 at 11:02 AM, Tom Rini <tom_rini at mentor.com> wrote:
> > I was about to just push this and I noticed that a number of
> > distributions (SlugOS, Angstrom, Kaelios, micro) currently set
> > FEATURE_SUID=y, but it's not actually installed SUID.  And since I recall
> > some way-back-when's of "busybox SUID is dangerous / crap!", I thought
> > it best to post the patch first and let folks speak up / ask me to drop
> > FEATURE_SUID=y when I do this.  So, here's the patch:
> >
> > diff --git a/recipes/busybox/busybox.inc b/recipes/busybox/busybox.inc
> > index 5f52850..b165d0f 100644
> > --- a/recipes/busybox/busybox.inc
> > +++ b/recipes/busybox/busybox.inc
> > @@ -11,7 +11,7 @@ LICENSE = "GPL"
> >  SECTION = "base"
> >  PRIORITY = "required"
> >
> > -INC_PR = "r24"
> > +INC_PR = "r25"
> >
> >  SRC_URI = "\
> >   file://busybox-cron \
> > @@ -96,7 +96,11 @@ do_install () {
> >        # Install /bin/busybox, and the /bin/sh link so the postinst script
> >        # can run. Let update-alternatives handle the rest.
> >        install -d ${D}${base_bindir}
> > -       install -m 0755 ${S}/busybox ${D}${base_bindir}
> > +       if grep -q "CONFIG_FEATURE_SUID=y" ${WORKDIR}/defconfig; then
> 
> Maybe you should grep it in ${S}/.config, because that's what defconfig
> finally turns into
> and what is used by the busybox build.

I'd be fine doing a follow-up to clean them all up, but today
busybox.inc does all of its checks against ${WORKDIR}/defconfig.

> > +               install -m 4755 ${S}/busybox ${D}${base_bindir}
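
Review bot: the `grep -q "CONFIG_FEATURE_SUID=y"` test added to do_install is unanchored, so any line of ${WORKDIR}/defconfig that merely contains that string (for example a commented-out `# CONFIG_FEATURE_SUID=y`) selects the `install -m 4755` branch. Because this match now decides whether ${base_bindir}/busybox ships setuid, anchor it as `grep -q "^CONFIG_FEATURE_SUID=y"` and add a comment above the `if` saying that the install mode follows the config option.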
> 
> What does 4755 translate to? (curiosity)

4 is suid (2 is sgid, 1 is I forget the name, but what you stick on /tmp
& such).

-- 
Tom Rini <tom_rini at mentor.com>
Mentor Graphics Corporation
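
An added example, not part of the original message or of the OpenEmbedded recipe: a small shell check for the mismatch discussed in this thread, where the config enables FEATURE_SUID but the installed binary is not setuid (or the reverse), plus a decoder for the leading octal digit of a mode such as 4755. The function names and the temporary files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All files used here are constructed sample data.

# Name the special permission bits in an octal mode such as 4755.
# 04000 = setuid, 02000 = setgid, 01000 = sticky.
special_bits() {
    m=$(( 0$1 )); out=""           # leading 0 forces octal interpretation
    [ $(( m & 04000 )) -ne 0 ] && out="$out setuid"
    [ $(( m & 02000 )) -ne 0 ] && out="$out setgid"
    [ $(( m & 01000 )) -ne 0 ] && out="$out sticky"
    out=${out# }
    echo "${out:-none}"
}

# Compare the config with the installed binary.
# $1 = BusyBox config file, $2 = installed busybox binary
check_busybox_suid() {
    # Anchored match, so comment lines that mention the option are ignored.
    if grep -q '^CONFIG_FEATURE_SUID=y' "$1"; then want=yes; else want=no; fi
    # test -u is true when the file has its setuid bit set.
    if [ -u "$2" ]; then have=yes; else have=no; fi
    case "$want/$have" in
        yes/no) echo "config-suid-binary-plain" ;;
        no/yes) echo "binary-suid-config-off" ;;
        *)      echo "consistent" ;;
    esac
}

# Demonstration on a constructed staging directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'CONFIG_FEATURE_SUID=y\n' > "$tmp/defconfig"
    : > "$tmp/busybox"
    chmod 0755 "$tmp/busybox"
    echo "mode 0755 ($(special_bits 0755)): $(check_busybox_suid "$tmp/defconfig" "$tmp/busybox")"
    chmod 4755 "$tmp/busybox"
    echo "mode 4755 ($(special_bits 4755)): $(check_busybox_suid "$tmp/defconfig" "$tmp/busybox")"
    rm -rf "$tmp"
}
demo
```

Pointing check_busybox_suid at the staged image's config and busybox binary reports the state Tom describes for the listed distributions as config-suid-binary-plain.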
