* [Buildroot] how does buildroot avoid requireing root? @ 2013-06-29 0:47 John Stile 2013-06-29 1:49 ` Charles Krinke 2013-06-29 8:49 ` Thomas Petazzoni 0 siblings, 2 replies; 4+ messages in thread From: John Stile @ 2013-06-29 0:47 UTC (permalink / raw) To: buildroot I am confused about how buildroot creates busybox. There are notes that one must ensure that busybox setuid root. Performing this operation must be performed as root: chown 0.0 /bin/busybox; chmod 4755 /bin/busybox Yet when I use buildroot I never become root. How does buildroot accomplish this? In output/build/busybox-1.18.5 I see applets/install.sh calls: install -m 755 busybox $prefix/bin/busybox || exit 1 but I don't see how this becomes setuid? On my embedded system, I see: -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox* ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] how does buildroot avoid requireing root? 2013-06-29 0:47 [Buildroot] how does buildroot avoid requireing root? John Stile @ 2013-06-29 1:49 ` Charles Krinke 2013-06-29 8:49 ` Thomas Petazzoni 1 sibling, 0 replies; 4+ messages in thread From: Charles Krinke @ 2013-06-29 1:49 UTC (permalink / raw) To: buildroot Its done with the "fakeroot" scripts. Google that and you can see how root filesystem builders like buildroot work that piece of magic. It became impractical to build root file systems for embedded targets a few years ago when folks started using shared servers that had no root access, amongst other reasons. Charles On Jun 28, 2013 5:58 PM, "John Stile" <john@stilen.com> wrote: > I am confused about how buildroot creates busybox. > > There are notes that one must ensure that busybox setuid root. > > Performing this operation must be performed as root: > chown 0.0 /bin/busybox; chmod 4755 /bin/busybox > > Yet when I use buildroot I never become root. > > How does buildroot accomplish this? > > In output/build/busybox-1.18.5 I see applets/install.sh calls: > install -m 755 busybox $prefix/bin/busybox || exit 1 > > but I don't see how this becomes setuid? > > On my embedded system, I see: > -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox* > > > _______________________________________________ > buildroot mailing list > buildroot at busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20130628/ff9485dd/attachment.html> ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] how does buildroot avoid requireing root? 2013-06-29 0:47 [Buildroot] how does buildroot avoid requireing root? John Stile 2013-06-29 1:49 ` Charles Krinke @ 2013-06-29 8:49 ` Thomas Petazzoni 2013-06-29 17:08 ` John Stile 1 sibling, 1 reply; 4+ messages in thread From: Thomas Petazzoni @ 2013-06-29 8:49 UTC (permalink / raw) To: buildroot Dear John Stile, On Fri, 28 Jun 2013 17:47:16 -0700, John Stile wrote: > I am confused about how buildroot creates busybox. > > There are notes that one must ensure that busybox setuid root. > > Performing this operation must be performed as root: > chown 0.0 /bin/busybox; chmod 4755 /bin/busybox > > Yet when I use buildroot I never become root. > > How does buildroot accomplish this? > > In output/build/busybox-1.18.5 I see applets/install.sh calls: > install -m 755 busybox $prefix/bin/busybox || exit 1 > > but I don't see how this becomes setuid? > > On my embedded system, I see: > -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox* We use a combination of 'fakeroot' and 'makedevs'. From http://man.he.net/man1/fakeroot: fakeroot runs a command in an environment wherein it appears to have root privileges for file manipulation. This is useful for allowing users to create archives (tar, ar, .deb etc.) with files in them with root permissions/ownership. Without fakeroot one would need to have root privileges to create the constituent files of the archives with the correct permissions and ownership, and then pack them up, or one would have to construct the archives directly, without using the archiver. fakeroot works by replacing the file manipulation library functions (chmod(2), stat(2) etc.) by ones that simulate the effect the real library functions would have had, had the user really been root. These wrapper functions are in a shared library /usr/lib/libfakeroot.so* which is loaded through the LD_PRELOAD mechanism of the dynamic loader. (See ld.so(8)) Basically, we use fakeroot to run the following commands: makedevs tar cf rootfs.tar output/target And what makedevs does is that it reads some permission and device tables to create device files and adjust permissions. Those device/permission tables are constructed from system/device_table.txt (and system/device_table_dev.txt for devices) and also from individual package .mk files that use the <pkg>_PERMISSIONS and <pkg>_DEVICES mechanism. From package/busybox/busybox.mk: define BUSYBOX_PERMISSIONS /bin/busybox f 4755 0 0 - - - - - /usr/share/udhcpc/default.script f 755 0 0 - - - - - endef Here you see that we tell Buildroot to make Busybox a setuid binary. Does that answer your question? Best regards, Thomas -- Thomas Petazzoni, Free Electrons Kernel, drivers, real-time and embedded Linux development, consulting, training and support. http://free-electrons.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] how does buildroot avoid requireing root? 2013-06-29 8:49 ` Thomas Petazzoni @ 2013-06-29 17:08 ` John Stile 0 siblings, 0 replies; 4+ messages in thread From: John Stile @ 2013-06-29 17:08 UTC (permalink / raw) To: buildroot That does answer my question very well. Thank you. On Sat, 2013-06-29 at 10:49 +0200, Thomas Petazzoni wrote: > Dear John Stile, > > On Fri, 28 Jun 2013 17:47:16 -0700, John Stile wrote: > > I am confused about how buildroot creates busybox. > > > > There are notes that one must ensure that busybox setuid root. > > > > Performing this operation must be performed as root: > > chown 0.0 /bin/busybox; chmod 4755 /bin/busybox > > > > Yet when I use buildroot I never become root. > > > > How does buildroot accomplish this? > > > > In output/build/busybox-1.18.5 I see applets/install.sh calls: > > install -m 755 busybox $prefix/bin/busybox || exit 1 > > > > but I don't see how this becomes setuid? > > > > On my embedded system, I see: > > -rwsr-xr-x 1 root root 605876 Jun 28 2013 /bin/busybox* > > We use a combination of 'fakeroot' and 'makedevs'. From > http://man.he.net/man1/fakeroot: > > fakeroot runs a command in an environment wherein it > appears to have root privileges for file > manipulation. This is useful for allowing users to > create archives (tar, ar, .deb etc.) with files in them > with root permissions/ownership. Without fakeroot one > would need to have root privileges to create the > constituent files of the archives with the correct > permissions and ownership, and then pack them up, or > one would have to construct the archives directly, > without using the archiver. > > fakeroot works by replacing the file manipulation library > functions (chmod(2), stat(2) etc.) by ones that > simulate the effect the real library functions would > have had, had the user really been root. These wrapper > functions are in a shared > library /usr/lib/libfakeroot.so* which is loaded > through the LD_PRELOAD mechanism of the dynamic loader. > (See ld.so(8)) > > Basically, we use fakeroot to run the following commands: > > makedevs > tar cf rootfs.tar output/target > > And what makedevs does is that it reads some permission and device > tables to create device files and adjust permissions. Those > device/permission tables are constructed from system/device_table.txt > (and system/device_table_dev.txt for devices) and also from individual > package .mk files that use the <pkg>_PERMISSIONS and <pkg>_DEVICES > mechanism. From package/busybox/busybox.mk: > > define BUSYBOX_PERMISSIONS > /bin/busybox f 4755 0 0 - - - - - > /usr/share/udhcpc/default.script f 755 0 0 - - - - - > endef > > Here you see that we tell Buildroot to make Busybox a setuid binary. > > Does that answer your question? > > Best regards, > > Thomas ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-06-29 17:08 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-06-29 0:47 [Buildroot] how does buildroot avoid requireing root? John Stile 2013-06-29 1:49 ` Charles Krinke 2013-06-29 8:49 ` Thomas Petazzoni 2013-06-29 17:08 ` John Stile
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox