[Buildroot] [PATCH v3 7/8] package/petitboot: enable user separation
Arnout Vandecappelle
arnout at mind.be
Sun Nov 5 18:26:16 UTC 2023
On 09/10/2023 17:17, Reza Arbab wrote:
> Run the petitboot UI as an unprivileged user. This requires using the
> agetty package instead of the busybox getty utility, running the initial
> pb-console helper at user login rather than directly.
That sounds counterproductive though? It means you have to log in before the
boot menu is displayed? Or perhaps I misunderstand the statement here.
It's also not clear why it would need agetty instead of busybox getty.
This doesn't sound like something that should be done by default.
> If sudo is installed, with a sudoers policy allowing petituser to
> perform sudo with no password (or a blank password), the "drop to shell"
> feature of petitboot will automatically become a root shell.
It seems to me that the logical thing to do would be to drop into an actual
getty, which asks for a login and password.
>
> Signed-off-by: Reza Arbab <arbab at linux.ibm.com>
> ---
> package/petitboot/Config.in | 1 +
> package/petitboot/S15pb-discover | 4 +++-
> package/petitboot/pb-console | 6 ++++--
> package/petitboot/petitboot.mk | 12 ++++++++++++
> package/petitboot/shell_config | 24 ++++++++++++++++++++++++
> package/petitboot/shell_profile | 2 ++
> 6 files changed, 46 insertions(+), 3 deletions(-)
> create mode 100644 package/petitboot/shell_config
> create mode 100644 package/petitboot/shell_profile
>
> diff --git a/package/petitboot/Config.in b/package/petitboot/Config.in
> index 5f1d91e77ecb..0f965e71e628 100644
> --- a/package/petitboot/Config.in
> +++ b/package/petitboot/Config.in
> @@ -16,6 +16,7 @@ config BR2_PACKAGE_PETITBOOT
> select BR2_PACKAGE_KEXEC_LITE if ( BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le )
> select BR2_PACKAGE_NVME if ( BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le )
> select BR2_PACKAGE_POWERPC_UTILS if ( BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le )
> + select BR2_PACKAGE_UTIL_LINUX_AGETTY
> help
> Petitboot is a small kexec-based bootloader
>
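Review bot: `select BR2_PACKAGE_UTIL_LINUX_AGETTY` is added without selecting the symbol it sits under; if BR2_PACKAGE_UTIL_LINUX_AGETTY lives inside an `if BR2_PACKAGE_UTIL_LINUX` block like the other util-linux sub-options, the select alone yields an unmet-dependency warning and agetty is only built when util-linux happens to be enabled elsewhere. Adding `select BR2_PACKAGE_UTIL_LINUX` next to it (and, if the agetty symbol is additionally gated on BR2_PACKAGE_UTIL_LINUX_BINARIES, that one too) matches how other packages pull in util-linux components. The new select is also unconditional while the surrounding selects are guarded by powerpc conditions, so a sentence in the help text explaining that the console is run as an unprivileged user through agetty would justify the unconditional dependency.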
> diff --git a/package/petitboot/S15pb-discover b/package/petitboot/S15pb-discover
> index 71ab62d99859..a37e33521f1a 100644
> --- a/package/petitboot/S15pb-discover
> +++ b/package/petitboot/S15pb-discover
> @@ -12,7 +12,9 @@ fi
>
> start() {
> printf 'Starting %s: ' "$DAEMON"
> - mkdir -p /var/log/petitboot
> + # shellcheck disable=SC2174 # only apply -m to deepest dir
> + mkdir -p -m 0775 /var/log/petitboot
> + chown root:petitgroup /var/log/petitboot
Why is it owned by root and not petituser?
>
> # shellcheck disable=SC2086 # we need the word splitting
> start-stop-daemon -S -q -b -m -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
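Review bot: `mkdir -p -m 0775 /var/log/petitboot` applies the mode only when it creates the directory, so if /var/log/petitboot already exists (persistent /var, or the other init script created it first) the group-write bit is never enforced and only the `chown` on the next line takes effect; following it with `chmod 0775 /var/log/petitboot` makes every start converge on the same state. The same mkdir/chown pair is duplicated at the same position in pb-console, so the fix applies there too. Since this grants an unprivileged group write access to a directory a root daemon logs into, a one-line comment naming which files petituser has to write there would let the next reader judge whether 0775 is needed. start() continues past the end of the hunk.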
> diff --git a/package/petitboot/pb-console b/package/petitboot/pb-console
> index 407ff3b30232..eea40163d02f 100644
> --- a/package/petitboot/pb-console
> +++ b/package/petitboot/pb-console
> @@ -3,14 +3,16 @@
> DAEMON="pb-console"
>
> PB_CONSOLE_PORT=${2:-"console"}
> -PB_CONSOLE_ARGS="--getty --detach -- -n -i 0 $PB_CONSOLE_PORT linux"
> +PB_CONSOLE_ARGS="--getty=/sbin/agetty --detach -- -a petituser -n -i $PB_CONSOLE_PORT linux"
>
> # shellcheck source=/dev/null
> [ -r "/etc/default/petitboot" ] && . "/etc/default/petitboot"
>
> start() {
> printf 'Starting %s on %s: ' "$DAEMON" "$PB_CONSOLE_PORT"
> - mkdir -p /var/log/petitboot
> + # shellcheck disable=SC2174 # only apply -m to deepest dir
> + mkdir -p -m 0775 /var/log/petitboot
> + chown root:petitgroup /var/log/petitboot
>
> # shellcheck disable=SC2086 # we need the word splitting
> start-stop-daemon -S -q -x "/usr/libexec/petitboot/$DAEMON" \
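Review bot: `-a petituser` in the new PB_CONSOLE_ARGS auto-logs the console into petituser with no credential check, and the user name is repeated verbatim in PETITBOOT_USERS and in shell_profile's ENV path, yet nothing records that the three must stay in sync. A comment above the assignment, `# -a: auto-login the unprivileged UI user (name must match PETITBOOT_USERS in petitboot.mk)`, would carry that, and would also tell an integrator overriding PB_CONSOLE_ARGS from /etc/default/petitboot which flag restores the previous behaviour. start() continues past the end of the hunk.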
> diff --git a/package/petitboot/petitboot.mk b/package/petitboot/petitboot.mk
> index ff87f3498734..5b517eb3b1a6 100644
> --- a/package/petitboot/petitboot.mk
> +++ b/package/petitboot/petitboot.mk
> @@ -71,6 +71,10 @@ define PETITBOOT_POST_INSTALL
> $(TARGET_DIR)/usr/sbin/kexec-restart
> $(INSTALL) -D -m 0755 $(PETITBOOT_PKGDIR)/pb-console \
> $(TARGET_DIR)/etc/init.d/pb-console
> + $(INSTALL) -D -m 0755 $(PETITBOOT_PKGDIR)/shell_config \
> + $(TARGET_DIR)/home/petituser/.shrc
> + $(INSTALL) -D -m 0755 $(PETITBOOT_PKGDIR)/shell_profile \
> + $(TARGET_DIR)/home/petituser/.profile
>
> mkdir -p $(TARGET_DIR)/etc/udev/rules.d
> (for port in $(PETITBOOT_GETTY_PORT); do \
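Review bot: shell_config and shell_profile are installed with `-m 0755`, but both are sourced (one as .profile, the other through ENV), never executed, so `-m 0644` is sufficient and avoids shipping executable dotfiles in a home directory. Whether these files end up root-owned or petituser-owned once the users table is processed is not visible here; if the unprivileged user can edit its own .shrc, the sudo escalation logic in shell_config is under that user's control, so the intended ownership deserves a comment next to these install lines. The PETITBOOT_POST_INSTALL define starts before this hunk.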
> @@ -84,4 +88,12 @@ endef
>
> PETITBOOT_POST_INSTALL_TARGET_HOOKS += PETITBOOT_POST_INSTALL
>
> +define PETITBOOT_USERS
> + petituser -1 petitgroup -1 * /home/petituser /bin/sh - petitboot user
Are petitgroup and petituser standard names? If not, we normally use the
package name as username and group name, i.e.
petitboot -1 petitboot -1 ...
Also, does this user really need a home directory and a shell? It really
should be a system user, no? It's only when it falls into the shell that you
need an actual shell...
> +endef
> +
> +define PETITBOOT_PERMISSIONS
> + /var/petitboot d 775 root petitgroup - - - - -
What is /var/petitboot used for?
> +endef
> +
> $(eval $(autotools-package))
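Review bot: PETITBOOT_PERMISSIONS creates `/var/petitboot` at build time, but /var/log/petitboot, which the two init scripts create and chown on every start, is not listed here; adding `/var/log/petitboot d 775 root petitgroup - - - - -` keeps both directories in one place and, if /var persists in this image, lets the init scripts drop the runtime chown (a tmpfs /var would still need the mkdir). The password field `*` in PETITBOOT_USERS is also load-bearing now that `agetty -a` bypasses password entry for the console, so a trailing comment in the define stating what that field is meant to allow or block on other login paths would save the reader a trip to the users-table documentation.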
> diff --git a/package/petitboot/shell_config b/package/petitboot/shell_config
> new file mode 100644
> index 000000000000..b10b95baae6c
> --- /dev/null
> +++ b/package/petitboot/shell_config
> @@ -0,0 +1,24 @@
> +#!/bin/sh
> +
> +try_sudo() {
> + [ -x "$(command -v sudo)" ] || return
> + sudo -K
> + echo | sudo -S /bin/true >/dev/null 2>&1 || return
> +
> + echo "No password required, running as root."
> + sudo -i
> + sudo -K
> + exit
> +}
> +
> +reset
> +
> +echo "Exiting petitboot. Type 'exit' to return."
> +echo "You may run 'pb-sos' to gather diagnostic data."
> +
> +if [ "$(id -u)" != "0" ]; then
> + try_sudo
> + export PS1='$ '
> +else
> + export PS1='# '
> +fi
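Review bot: Everything after `try_sudo` runs unconditionally whenever this file is sourced, and because shell_profile exports it as ENV it is read by every interactive sh petituser starts, not only the pb-console drop-to-shell; a nested `sh` would clear the screen with `reset`, reprint the banner and re-run the sudo probe (this depends on the shell honouring ENV for non-login interactive shells, which busybox ash and dash do). A marker at the top, `[ -n "$PB_SHELL_INIT" ] && return; export PB_SHELL_INIT=1`, limits it to the first shell. The two `echo` lines should be `printf '%s\n' ...`, and `/bin/true` can be the builtin `true`. A header comment stating that this file is sourced via ENV from petituser's .profile, and that the `exit` after `sudo -i` is deliberate because it ends the petituser shell and presumably returns to the menu, would explain an otherwise surprising `exit` in a sourced file.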
> diff --git a/package/petitboot/shell_profile b/package/petitboot/shell_profile
> new file mode 100644
> index 000000000000..1ca5e6364dba
> --- /dev/null
> +++ b/package/petitboot/shell_profile
> @@ -0,0 +1,2 @@
> +export ENV="/home/petituser/.shrc"
This needs a bit more explanation. Is ENV something that is used by
pb-console? How is it evaluated?
Marked as Changes Requested.
Regards,
Arnout
> +exec /usr/libexec/petitboot/pb-console
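Review bot: `export ENV="/home/petituser/.shrc"` hard-codes the home directory that PETITBOOT_USERS assigns, so renaming the user or its home leaves ENV pointing at a stale path and the shell_config logic silently never loads; `export ENV="$HOME/.shrc"` follows the users table automatically. The `exec` on the next line means the login session ends when pb-console exits, which is presumably what lets agetty respawn it — a one-line comment saying so would stop someone replacing `exec` with a plain call.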