mirror of https://git.yoctoproject.org/poky synced 2026-06-05 14:29:48 +00:00

busybox.inc: Add sanity check to test if the suid binary provides sh

Add a sanity check during the do_compile task to fail if the suid
busybox provides /bin/sh. This is considered as a hard fail since not
only is providing sh as suid problematic for security reasons but also
because the sh configured for suid is less functional than the nosuid
configured sh and breaks a number of required features (e.g. 64-bit
test).

(From OE-Core rev: b64807549569817c8f1921a0aad52c815af90731)

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nathan Rossi
2018-01-24 22:59:28 +10:00
committed by Richard Purdie
parent d48c2c6f38
commit b8bd1f7163
@@ -183,6 +183,12 @@ do_compile() {
oe_runmake busybox.links
mv busybox.links busybox.links.$s
done
# hard fail if sh is being linked to the suid busybox (detects bug 10346)
if grep -q -x "/bin/sh" busybox.links.suid; then
bbfatal "busybox suid binary incorrectly provides /bin/sh"
fi
# copy .config.orig back to .config, because the install process may check this file
cp .config.orig .config
# cleanup
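
Review bot: the new test, grep -q -x "/bin/sh" busybox.links.suid, fails open. grep returns non-zero both when no line matches and when the file is missing or unreadable, so if the loop above did not produce busybox.links.suid on this path, the check passes with only a grep error in the log. Consider testing for the file first and calling bbfatal when it is absent, or confirm that this point is only reached after the suid links file has been generated. Since the pattern is a literal path, adding -F would also make the whole-line match independent of regex interpretation. Separately, the comment cites "bug 10346" without naming the tracker; a full reference would help whoever reads the recipe later.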