* [Buildroot] how does buildroot avoid requiring root?
From: John Stile @ 2013-06-29 0:47 UTC (permalink / raw)
To: buildroot
I am confused about how buildroot creates busybox.

There are notes that one must ensure that busybox is setuid root.

Performing this operation must be performed as root:
  chown 0.0 /bin/busybox; chmod 4755 /bin/busybox

Yet when I use buildroot I never become root.

How does buildroot accomplish this?

In output/build/busybox-1.18.5 I see applets/install.sh calls:
  install -m 755 busybox $prefix/bin/busybox || exit 1

but I don't see how this becomes setuid?

On my embedded system, I see:
  -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox*
From: Charles Krinke @ 2013-06-29 1:49 UTC (permalink / raw)
To: buildroot
It's done with the "fakeroot" scripts. Google that and you can see how root
filesystem builders like buildroot work that piece of magic.
It became impractical to build root file systems for embedded targets a few
years ago when folks started using shared servers that had no root access,
amongst other reasons.
Charles
From: Thomas Petazzoni @ 2013-06-29 8:49 UTC (permalink / raw)
To: buildroot
Dear John Stile,
On Fri, 28 Jun 2013 17:47:16 -0700, John Stile wrote:
> I am confused about how buildroot creates busybox.
>
> There are notes that one must ensure that busybox is setuid root.
>
> Performing this operation must be performed as root:
> chown 0.0 /bin/busybox; chmod 4755 /bin/busybox
>
> Yet when I use buildroot I never become root.
>
> How does buildroot accomplish this?
>
> In output/build/busybox-1.18.5 I see applets/install.sh calls:
> install -m 755 busybox $prefix/bin/busybox || exit 1
>
> but I don't see how this becomes setuid?
>
> On my embedded system, I see:
> -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox*

We use a combination of 'fakeroot' and 'makedevs'. From
http://man.he.net/man1/fakeroot:

    fakeroot runs a command in an environment wherein it
    appears to have root privileges for file
    manipulation. This is useful for allowing users to
    create archives (tar, ar, .deb etc.) with files in them
    with root permissions/ownership. Without fakeroot one
    would need to have root privileges to create the
    constituent files of the archives with the correct
    permissions and ownership, and then pack them up, or
    one would have to construct the archives directly,
    without using the archiver.

    fakeroot works by replacing the file manipulation library
    functions (chmod(2), stat(2) etc.) by ones that
    simulate the effect the real library functions would
    have had, had the user really been root. These wrapper
    functions are in a shared
    library /usr/lib/libfakeroot.so* which is loaded
    through the LD_PRELOAD mechanism of the dynamic loader.
    (See ld.so(8))

Basically, we use fakeroot to run the following commands:

    makedevs
    tar cf rootfs.tar output/target

And what makedevs does is that it reads some permission and device
tables to create device files and adjust permissions. Those
device/permission tables are constructed from system/device_table.txt
(and system/device_table_dev.txt for devices) and also from individual
package .mk files that use the <pkg>_PERMISSIONS and <pkg>_DEVICES
mechanism. From package/busybox/busybox.mk:

    define BUSYBOX_PERMISSIONS
        /bin/busybox f 4755 0 0 - - - - -
        /usr/share/udhcpc/default.script f 755 0 0 - - - - -
    endef

Here you see that we tell Buildroot to make Busybox a setuid binary.

Does that answer your question?

Best regards,

Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
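
Added example (not part of the original thread and not Buildroot's own code): the reply above explains that root ownership and the setuid bit reach the image as archive metadata rather than through real root privileges. This Python example parses permission-table lines in the layout quoted from busybox.mk, writes them into tar headers without root, and lists the setuid-root members so they can be audited; the function names and file contents are made up for illustration.

```python
import io
import stat
import tarfile

# Constructed sample in the makedevs table layout quoted above:
# <name> <type> <mode> <uid> <gid> <major> <minor> <start> <inc> <count>
PERMISSION_TABLE = """\
/bin/busybox f 4755 0 0 - - - - -
/usr/share/udhcpc/default.script f 755 0 0 - - - - -
"""

def parse_table(text):
    """Yield (path, mode, uid, gid) for regular-file ('f') entries."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 10:
            raise ValueError(f"expected 10 fields: {line!r}")
        name, ftype, mode, uid, gid = fields[:5]
        if ftype == "f":
            yield name, int(mode, 8), int(uid), int(gid)

def build_rootfs_tar(table, contents):
    """Write a tar in memory whose headers carry the table's owner and mode."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, mode, uid, gid in parse_table(table):
            data = contents.get(path, b"")  # hypothetical file contents
            info = tarfile.TarInfo(name="." + path)
            info.size, info.mode, info.uid, info.gid = len(data), mode, uid, gid
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def setuid_root_members(tar_bytes):
    """Audit helper: regular files that are setuid and owned by uid 0."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [m.name for m in tar.getmembers()
                if m.isfile() and m.uid == 0 and m.mode & stat.S_ISUID]

def mode_string(tar_bytes, name):
    """ls-style mode string for one archive member."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        member = tar.getmember(name)
        return stat.filemode(stat.S_IFREG | member.mode)

if __name__ == "__main__":
    image = build_rootfs_tar(PERMISSION_TABLE, {"/bin/busybox": b"constructed"})
    print(setuid_root_members(image), mode_string(image, "./bin/busybox"))
```

Running setuid_root_members() over a generated rootfs.tar gives a quick list to compare against the setuid entries the package tables are expected to declare.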
From: John Stile @ 2013-06-29 17:08 UTC (permalink / raw)
To: buildroot
That does answer my question very well.
Thank you.