buildsys: Add helper to list suid applets

Add a helper script that lists all applets that
- do or may require SUID provileges (busybox.cfg.suid)
- do not require SUID provileges (busybox.cfg.nosuid)

Some setups prefer to build two busybox binaries, one that is suid which
contains all applets that do or may require suid privileges, and a
second one for all the rest (which drops suid). To ease splitting these
two binaries, generate a list of CONFIG_ items for the suid binary.

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>

diff --git a/Makefile.custom b/Makefile.custom
index 6da79e6e46dd8879744162ec100a8a528965fab7..3561e57687ca32bf9d6019db4c273d8f950bf3be 100644 (file)
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -3,7 +3,12 @@
 # ==========================================================================
 
 busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
-       $(Q)-$(SHELL) $^ >$@
+       $(Q)-$(SHELL) $^ > $@
+
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+       $(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+       $(Q)-SUID="DROP" $(SHELL) $^ > $@
 
 .PHONY: install
 ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)

diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
new file mode 100755 (executable)
index 0000000..6492c07
--- /dev/null
+++ b/applets/busybox.mksuid
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Make list of configuration variables regarding suid handling
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+[dD][rR][oO][pP]) USE="DROP" ;;
+*) USE="suid" ;;
+esac
+
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+  awk -v USE=${USE} '
+    /^SUID[ \t]/{
+      if (USE == "DROP") {
+        if ($2 != "BB_SUID_DROP") next
+      } else {
+        if ($2 == "BB_SUID_DROP") next
+      }
+      cfg = $NF
+      gsub("\"", "", cfg)
+      cfg = substr(cfg, 8)
+      s[i++] = "CONFIG_" cfg
+      s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+    }
+    END{
+      while (getline < ARGV[2]) {
+        for (j in s) {
+          if ($0 ~ "^" s[j] "=y$") {
+            sub(/=.*/, "")
+            print
+            if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+          }
+        }
+      }
+    }
+' - $DOT_CONFIG
+

diff --git a/include/applets.src.h b/include/applets.src.h
index 00172b1bc0050925c723abcbc01dc179abed06f7..aa319bbc974067dfe2ba81919c5433b586bd981d 100644 (file)
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s     - suid type:
 # define APPLET_NOEXEC(name,main,l,s,name2)  LINK l name
 # define APPLET_NOFORK(name,main,l,s,name2)  LINK l name
 
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s)                    SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2)  SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2)  SUID s l name
+
 #else
   static struct bb_applet applets[] = { /*    name, main, location, need_suid */
 # define APPLET(name,l,s)                    { #name, #name, l, s },
@@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
 IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
 IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
 
-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+       && !defined(MAKE_LINKS) && !defined(MAKE_SUID)
 };
 #endif
 

diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index bd2d70e19e50311290c541a2451f1dbb18e8a9f8..303df0be7295b450976265b8003649d0e279a436 100644 (file)
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
                                                fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
                                                /* bbox */
                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                               fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                               fprintf(out_h, "#else\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#endif\n");
                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                        }
                                        break;
@@ -506,7 +510,11 @@ int conf_write(const char *name)
                                        fputs("\"\n", out_h);
                                        /* bbox */
                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                       fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                       fprintf(out_h, "#else\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#endif\n");
                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                }
                                break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
                                                fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
                                                /* bbox */
                                                fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                               fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                               fprintf(out_h, "#else\n");
+                                               fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                               fprintf(out_h, "#endif\n");
                                                fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                        }
                                        break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
                                        fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
                                        /* bbox */
                                        fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-                                       fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#ifdef MAKE_SUID\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+                                       fprintf(out_h, "#else\n");
+                                       fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+                                       fprintf(out_h, "#endif\n");
                                        fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
                                }
                                break;