| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 Feb 2018 21:39:45 +0100
From: Richard Weinberger <richard@....at>
To: linux-kernel@...r.kernel.org
Cc: gregkh@...uxfoundation.org, kstewart@...uxfoundation.org,
npiggin@...il.com, yamada.masahiro@...ionext.com,
keescook@...omium.org, akpm@...ux-foundation.org,
david@...ma-star.at, Richard Weinberger <richard@....at>,
Sam Ravnborg <sam@...nborg.org>,
Arnaud Lacombe <lacombar@...il.com>,
Nick Bowler <nbowler@...iptictech.com>,
Michal Marek <mmarek@...e.cz>, Nicolas Pitre <nico@...aro.org>,
Rusty Russell <rusty@...tcorp.com.au>
Subject: [PATCH] kbuild: Don't source kernel config
Don't source the kernel config file in shell scripts.
The config file is not a shell script and often imported from untrusted
sources.
What could possible go wrong? ;-)
Instead, read config file line by line and access config entries using a bash
array.
Cc: Sam Ravnborg <sam@...nborg.org>
Cc: Arnaud Lacombe <lacombar@...il.com>
Cc: Nick Bowler <nbowler@...iptictech.com>
Cc: Michal Marek <mmarek@...e.cz>
Cc: Nicolas Pitre <nico@...aro.org>
Cc: Rusty Russell <rusty@...tcorp.com.au>
Fixes: 23121ca2b56b ("kbuild: create/adjust generated/autoksyms.h")
Fixes: 1f2bfbd00e46 ("kbuild: link of vmlinux moved to a script")
Signed-off-by: Richard Weinberger <richard@....at>
---
scripts/adjust_autoksyms.sh | 13 +++----------
scripts/importkconf.sh | 14 ++++++++++++++
scripts/link-vmlinux.sh | 23 ++++++++---------------
3 files changed, 25 insertions(+), 25 deletions(-)
create mode 100755 scripts/importkconf.sh
diff --git a/scripts/adjust_autoksyms.sh b/scripts/adjust_autoksyms.sh
index 513da1a4a2da..632abcd0dc69 100755
--- a/scripts/adjust_autoksyms.sh
+++ b/scripts/adjust_autoksyms.sh
@@ -39,14 +39,7 @@ case "$KBUILD_VERBOSE" in
esac
# We need access to CONFIG_ symbols
-case "${KCONFIG_CONFIG}" in
-*/*)
- . "${KCONFIG_CONFIG}"
- ;;
-*)
- # Force using a file from the current directory
- . "./${KCONFIG_CONFIG}"
-esac
+. scripts/importkconf.sh
# In case it doesn't exist yet...
if [ -e "$cur_ksyms_file" ]; then touch "$cur_ksyms_file"; fi
@@ -62,14 +55,14 @@ EOT
[ "$(ls -A "$MODVERDIR")" ] &&
sed -ns -e '3{s/ /\n/g;/^$/!p;}' "$MODVERDIR"/*.mod | sort -u |
while read sym; do
- if [ -n "$CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX" ]; then
+ if [ -n "${KERNEL_CONFIG[CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX]}" ]; then
sym="${sym#_}"
fi
echo "#define __KSYM_${sym} 1"
done >> "$new_ksyms_file"
# Special case for modversions (see modpost.c)
-if [ -n "$CONFIG_MODVERSIONS" ]; then
+if [ -n "${KERNEL_CONFIG[CONFIG_MODVERSIONS]}" ]; then
echo "#define __KSYM_module_layout 1" >> "$new_ksyms_file"
fi
diff --git a/scripts/importkconf.sh b/scripts/importkconf.sh
new file mode 100755
index 000000000000..755a9a2e9c65
--- /dev/null
+++ b/scripts/importkconf.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# helper script which reads all kconfig keys from the kernel .config file into
+# a bash associative array.
+# By testing ${KERNEL_CONFIG[CONFIG_FOO_BAR]} shell scripts can check whether
+# CONFIG_FOO_BAR is set in .config or not.
+#
+
+declare -A KERNEL_CONFIG
+
+for cfg_ent in $(awk -F= '/^CONFIG_[A-Z0-9_]+=/{print $1}' < ${KCONFIG_CONFIG})
+do
+ KERNEL_CONFIG[${cfg_ent}]="$cfg_ent"
+done
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index c0d129d7f430..c094dd8f19a2 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -55,7 +55,7 @@ info()
#
archive_builtin()
{
- if [ -n "${CONFIG_THIN_ARCHIVES}" ]; then
+ if [ -n "${KERNEL_CONFIG[CONFIG_THIN_ARCHIVES]}" ]; then
info AR built-in.o
rm -f built-in.o;
${AR} rcsTP${KBUILD_ARFLAGS} built-in.o \
@@ -70,7 +70,7 @@ modpost_link()
{
local objects
- if [ -n "${CONFIG_THIN_ARCHIVES}" ]; then
+ if [ -n "${KERNEL_CONFIG[CONFIG_THIN_ARCHIVES]}" ]; then
objects="--whole-archive \
built-in.o \
--no-whole-archive \
@@ -96,7 +96,7 @@ vmlinux_link()
local objects
if [ "${SRCARCH}" != "um" ]; then
- if [ -n "${CONFIG_THIN_ARCHIVES}" ]; then
+ if [ -n "${KERNEL_CONFIG[CONFIG_THIN_ARCHIVES]}" ]; then
objects="--whole-archive \
built-in.o \
--no-whole-archive \
@@ -116,7 +116,7 @@ vmlinux_link()
${LD} ${LDFLAGS} ${LDFLAGS_vmlinux} -o ${2} \
-T ${lds} ${objects}
else
- if [ -n "${CONFIG_THIN_ARCHIVES}" ]; then
+ if [ -n "${KERNEL_CONFIG[CONFIG_THIN_ARCHIVES]}" ]; then
objects="-Wl,--whole-archive \
built-in.o \
-Wl,--no-whole-archive \
@@ -226,14 +226,7 @@ if [ "$1" = "clean" ]; then
fi
# We need access to CONFIG_ symbols
-case "${KCONFIG_CONFIG}" in
-*/*)
- . "${KCONFIG_CONFIG}"
- ;;
-*)
- # Force using a file from the current directory
- . "./${KCONFIG_CONFIG}"
-esac
+. scripts/importkconf.sh
# Update version
info GEN .version
@@ -259,7 +252,7 @@ ${MAKE} -f "${srctree}/scripts/Makefile.modpost" vmlinux.o
kallsymso=""
kallsyms_vmlinux=""
-if [ -n "${CONFIG_KALLSYMS}" ]; then
+if [ -n "${KERNEL_CONFIG[CONFIG_KALLSYMS]}" ]; then
# kallsyms support
# Generate section listing all symbols and add it into vmlinux
@@ -312,7 +305,7 @@ fi
info LD vmlinux
vmlinux_link "${kallsymso}" vmlinux
-if [ -n "${CONFIG_BUILDTIME_EXTABLE_SORT}" ]; then
+if [ -n "${KERNEL_CONFIG[CONFIG_BUILDTIME_EXTABLE_SORT]}" ]; then
info SORTEX vmlinux
sortextable vmlinux
fi
@@ -321,7 +314,7 @@ info SYSMAP System.map
mksysmap vmlinux System.map
# step a (see comment above)
-if [ -n "${CONFIG_KALLSYMS}" ]; then
+if [ -n "${KERNEL_CONFIG[CONFIG_KALLSYMS]}" ]; then
mksysmap ${kallsyms_vmlinux} .tmp_System.map
if ! cmp -s System.map .tmp_System.map; then
--
2.13.6
Powered by blists - more mailing lists