On Tue, Feb 23, 2010 at 1:14 PM, Tom Rini <[email protected]> wrote:
> On Tue, 2010-02-23 at 11:51 -0800, Khem Raj wrote: > > On Tue, Feb 23, 2010 at 11:02 AM, Tom Rini <[email protected]> wrote: > > > I was about to just push this and I noticed that a number of > > > distributions (SlugOS, Angstrom, Kaelios, micro) currently set > > > FEATURE_SUID=y, but it's not actually install SUID. And since I recall > > > some way-back-when's of "busybox SUID is dangerous / crap!", I thought > > > it best to post the patch first and let folks speak up / ask me to drop > > > FEATURE_SUID=y when I do this. So, here's the patch: > > > > > > diff --git a/recipes/busybox/busybox.inc b/recipes/busybox/busybox.inc > > > index 5f52850..b165d0f 100644 > > > --- a/recipes/busybox/busybox.inc > > > +++ b/recipes/busybox/busybox.inc > > > @@ -11,7 +11,7 @@ LICENSE = "GPL" > > > SECTION = "base" > > > PRIORITY = "required" > > > > > > -INC_PR = "r24" > > > +INC_PR = "r25" > > > > > > SRC_URI = "\ > > > file://busybox-cron \ > > > @@ -96,7 +96,11 @@ do_install () { > > > # Install /bin/busybox, and the /bin/sh link so the postinst > script > > > # can run. Let update-alternatives handle the rest. > > > install -d ${D}${base_bindir} > > > - install -m 0755 ${S}/busybox ${D}${base_bindir} > > > + if grep -q "CONFIG_FEATURE_SUID=y" ${WORKDIR}/defconfig; then > > > > may be you should grep it in ${S}/.config because thats what defconfig > > turns into finally > > and used by busybox build. > > I'd be fine doing a follow-up to clean them all up, but today > busybox.inc does all of its checks to ${WORKDIR}/defconfig. > > > > + install -m 4755 ${S}/busybox ${D}${base_bindir} > > > > what does 4755 translate to ? (curiosity) > > 4 is suid (2 is sgid, 1 is i forget the name but what you stick on /tmp > & such). Sticky :) -- Christopher Larson clarson at kergoth dot com Founder - BitBake, OpenEmbedded, OpenZaurus Maintainer - Tslib Senior Software Engineer, Mentor Graphics _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
