[oe] [PATCH] Fix busybox SUID support
Chris Larson
clarson at kergoth.com
Tue Feb 23 20:23:50 UTC 2010
On Tue, Feb 23, 2010 at 1:14 PM, Tom Rini <tom_rini at mentor.com> wrote:
> On Tue, 2010-02-23 at 11:51 -0800, Khem Raj wrote:
> > On Tue, Feb 23, 2010 at 11:02 AM, Tom Rini <tom_rini at mentor.com> wrote:
> > > I was about to just push this and I noticed that a number of
> > > distributions (SlugOS, Angstrom, Kaelios, micro) currently set
> > > FEATURE_SUID=y, but it's not actually install SUID. And since I recall
> > > some way-back-when's of "busybox SUID is dangerous / crap!", I thought
> > > it best to post the patch first and let folks speak up / ask me to drop
> > > FEATURE_SUID=y when I do this. So, here's the patch:
> > >
> > > diff --git a/recipes/busybox/busybox.inc b/recipes/busybox/busybox.inc
> > > index 5f52850..b165d0f 100644
> > > --- a/recipes/busybox/busybox.inc
> > > +++ b/recipes/busybox/busybox.inc
> > > @@ -11,7 +11,7 @@ LICENSE = "GPL"
> > > SECTION = "base"
> > > PRIORITY = "required"
> > >
> > > -INC_PR = "r24"
> > > +INC_PR = "r25"
> > >
> > > SRC_URI = "\
> > > file://busybox-cron \
> > > @@ -96,7 +96,11 @@ do_install () {
> > > # Install /bin/busybox, and the /bin/sh link so the postinst
> script
> > > # can run. Let update-alternatives handle the rest.
> > > install -d ${D}${base_bindir}
> > > - install -m 0755 ${S}/busybox ${D}${base_bindir}
> > > + if grep -q "CONFIG_FEATURE_SUID=y" ${WORKDIR}/defconfig; then
> >
> > may be you should grep it in ${S}/.config because thats what defconfig
> > turns into finally
> > and used by busybox build.
>
> I'd be fine doing a follow-up to clean them all up, but today
> busybox.inc does all of its checks to ${WORKDIR}/defconfig.
>
> > > + install -m 4755 ${S}/busybox ${D}${base_bindir}
> >
> > what does 4755 translate to ? (curiosity)
>
> 4 is suid (2 is sgid, 1 is i forget the name but what you stick on /tmp
> & such).
Sticky :)
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
More information about the Openembedded-devel
mailing list