[Dev] Fwd: Re: ToyBox task

Xavier Roche xavier.roche at open.eurogiciel.org
Thu Oct 16 07:23:46 GMT 2014


Thanks for that reply Casey,

I totally agree with your feedback.
As I said in my previous mail, this is just a draft. Basically I made 
this dirty code some time ago in order to size up the work to do on 
toybox and its complexity.
Of course this is not a suitable patch, and it must be considered as a POC.
I just preferred sharing this with Jan rather than keeping it on my side.
Be sure we will pay attention to these points.

Best regards,

Xavier

--
Xavier Roche
Intel Open Source Technology Center

On 15/10/2014 16:48, Schaufler, Casey wrote:
>
> From ab0ee6da4dedd343b4ec8371d046dc9230bb2798 Mon Sep 17 00:00:00 2001
>
> From: xroche <xavier.roche at open.eurogiciel.org>
>
> Date: Wed, 15 Oct 2014 13:16:52 +0200
>
> Subject: [PATCH] Add -Z option to ls command
>
> Signed-off-by: xroche <xavier.roche at open.eurogiciel.org>
>
> ---
>
> toys/posix/ls.c | 23 +++++++++++++++++++++--
>
> 1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/toys/posix/ls.c b/toys/posix/ls.c
>
> index 0687132..4de0089 100644
>
> --- a/toys/posix/ls.c
>
> +++ b/toys/posix/ls.c
>
> @@ -5,13 +5,13 @@
>
>   *
>
>   * See http://opengroup.org/onlinepubs/9699919799/utilities/ls.html
>
> -USE_LS(NEWTOY(ls, 
> USE_LS_COLOR("(color):;")"goACFHLRSacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]", 
> TOYFLAG_BIN|TOYFLAG_LOCALE))
>
> +USE_LS(NEWTOY(ls, 
> USE_LS_COLOR("(color):;")"goACFHLRSZacdfiklmnpqrstux1[-1Cglmnox][-cu][-ftS][-HL]", 
> TOYFLAG_BIN|TOYFLAG_LOCALE))
>
>  config LS
>
>    bool "ls"
>
>    default y
>
>    help
>
> -    usage: ls [-ACFHLRSacdfiklmnpqrstux1] [directory...]
>
> +    usage: ls [-ACFHLRSZacdfiklmnpqrstux1] [directory...]
>
>      list files
>
>      what to show:
>
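Review bot: The option string in NEWTOY and the usage line now accept Z unconditionally, while the code that handles FLAG_Z later in this patch sits inside #ifdef USE_SMACK, so a build without Smack would accept ls -Z and print nothing for it. Consider wrapping the Z in the option string and in the help text in a config-dependent macro, the way USE_LS_COLOR("(color):;") is used on the same line, so the flag exists only when there is code behind it.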
> @@ -22,6 +22,7 @@ config LS
>
>      -u    use access time for timestamps       -A  list all files but 
> . and ..
>
>      -H    follow command line symlinks         -L  follow symlinks
>
>      -R    recursively list files in subdirs    -F  append /dir *exe 
> @sym |FIFO
>
> +    -Z  security context of listed files
>
>      output formats:
>
>      -1    list one file per line               -C  columns (sorted 
> vertically)
>
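Review bot: The new help line "-Z  security context of listed files" does not follow the layout of its neighbours: the other entries put four spaces after the flag and share each row with a second option, while this one uses two spaces and stands alone. Align it as "-Z    security context of listed files", and consider saying that the context shown is the Smack label, since that is the only backend this patch implements.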
> @@ -49,6 +50,7 @@ config LS_COLOR
>
>  #ifdef USE_SMACK
>
> #include <sys/smack.h>
>
> +#include <linux/xattr.h>
>
> #endif //USE_SMACK
>
>  // test sst output (suid/sticky in ls flaglist)
>
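Review bot: The added #include <linux/xattr.h> has no comment saying what it is for, and the only symbol in this patch that appears to need it is XATTR_NAME_SMACK in the listfiles hunk. Note that beside the include, so the kernel header dependency can be dropped if that call changes.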
> @@ -381,6 +383,23 @@ static void listfiles(int dirfd, struct dirtree 
> *indir)
>
>      if (flags & FLAG_i) xprintf("% *lu ", len[1], (unsigned 
> long)st->st_ino);
>
>      if (flags & FLAG_s) xprintf("% *lu ", len[6], (unsigned 
> long)st->st_blocks);
>
> +
>
> +#ifdef USE_SMACK
>
> +    if (flags & FLAG_Z) {
>
> +          if (smack_smackfs_path () != NULL) {  // if smack enabled
>
> +               char *context;
>
> +               char p[128];
>
> You can’t be sure that the sprintf below will fit in 128 bytes.
>
> +               sprintf(p, "%s/%s", indir->name, sort[next]->name);
>
> +               int r = smack_new_label_from_path(p, XATTR_NAME_SMACK, 
> 1, &context);
>
> +               if (r < 0)
>
> +                    printf("_ ", context);
>
> This is a really bad idea. If you can’t fetch the Smack label use “?”, 
> not “_”.
>
> +               else
>
> +                    printf("%s ", context);
>
> +          }  // smack not enabled
>
> +          else
>
> + printf("unlabeled ");
>
> The string “unlabeled” is a valid Smack label. You have three 
> legitimate options. You can ignore the -Z. You can print “?”. You can 
> try fetching the Smack label anyway. It’s an extended attribute that 
> might be there even if Smack isn’t enabled.
>
> Also be aware that the -Z option is shared with SELinux. Someday 
> someone will likely add USE_SELINUX and want to reuse your code.
>
> +    }
>
> +#endif
>
>      if (flags & (FLAG_l|FLAG_o|FLAG_n|FLAG_g)) {
>
>        struct tm *tm;
>
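Review bot: In the r < 0 branch, printf("_ ", context) passes context to a format string that has no conversion, and context is never initialised on that path; drop the argument. In the else branch the string returned through &context is printed but never released in the lines shown, which would leak one label per listed file if smack_new_label_from_path allocates it, as its name suggests; free it after printing. The new output also uses printf where the surrounding lines use xprintf, and int r is declared after a statement in the block.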
> -- 
>
> 1.8.4.5
>
> *From:*Dev [mailto:dev-bounces at lists.tizen.org] *On Behalf Of *Xavier 
> Roche
> *Sent:* Wednesday, October 15, 2014 4:38 AM
> *To:* Jan Cybulski
> *Cc:* dev at lists.tizen.org
> *Subject:* Re: [Dev] Fwd: Re: ToyBox task
>
> Jan,
>
> You will find attached to this mail a patch I made which adds '-Z' 
> option to the 'ls' toybox command.
> (I have adapted the patch to the current tizen repo status).
> This is just a draft, and the display calculation is still missing...
> Anyway I hope this will help you...
>
> Best regards,
>
> --
> Xavier Roche
> Intel Open Source Technology Center
>
> On 15/10/2014 08:05, Jan Cybulski wrote:
>
>     Hello all,
>
>     As for now I continue my work on Toybox.
>
>     Xavier, you sent a patch that adds a dependency on libsmack to Toybox.
>
>     I just wonder if Toybox maintainers do not mind that:
>     maybe they would prefer just reads of smackfs and proc or xattrs?
>     (I would prefer libsmack though)
>
>     Best regards,
>     Jan Cybulski
>
>
>     On 14.10.2014 13:55, Xavier Roche wrote:
>
>
>         On 14/10/2014 12:32, WaLyong Cho wrote:
>
>             On 10/14/2014 06:56 PM, Xavier Roche wrote:
>
>                 Hi Walyong,
>
>                 Thanks for the info,
>
>                 Basically the toybox solution has already been studied
>                 and we have
>                 already metrics on what we have add/modify.
>                 It requires a very little effort to get it work
>                 properly in a Tizen
>                 security context.
>                 (here provides some value and print on the mail
>                 history with Samsung and
>                 a link toward Tizen Git repos)
>                 Moreover, Toybox is an active open-source project and
>                 offers community
>                 feedback and improvements, on which we can rely.
>
>             If toybox is really active and we can rely on it, then toybox
>             will also be a good
>             option.
>
>         I really think it is a good option, (almost 60 commits
>         published last month) ...
>         In addition, please take a look at the following :
>           - tizen toybox repo : toybox
>         <https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox>
>           - current toybox status in Tizen : wiki
>         <https://wiki.tizen.org/wiki/Toybox> and detailed status
>         <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
>
>         Moreover, I have discussed with the toybox upstream
>         maintainer (Rob Landley, who used to work on busybox), and he
>         is ready to give us an upstream support and integrate our
>         patches as possible.
>
>
>                 Anyway, I am always curious and interested in
>                 studying alternatives.
>                 I could not find anything on your project in the open.
>                 Please send me the pointer as soon as it is available...
>
>             I will.
>
>             Thanks
>
>
>                 Best regards,
>
>                 -- 
>                 Xavier Roche
>                 Intel Open Source Technology Center
>
>                 On 14/10/2014 10:15, WaLyong Cho wrote:
>
>                     Hi all,
>
>                     I'd like to introduce new toolbox like tool. That
>                     is named as *tinybox*.
>                     We have plan to open that on github. That is not
>                     under IP verification.
>                     I think that will be soon opened.
>
>                     *tinybox* is using Apache license.
>
>                     Many of coreutils commands were already
>                     implemented. And many of others
>                     are implementing now.
>
>                     *tinybox* was started to be used on Tizen.(so at
>                     the first time, that
>                     has name like tizenbox.) But there is no Tizen
>                     feature and should be.
>
>                     I hope to move security-related functionalities to
>                     *tinybox*.
>
>
>                     On 10/13/2014 06:31 PM, Xavier Roche wrote:
>
>                         Hello Jan,
>
>                         You can work with the platform/upstream/toybox
>                         repository (see :
>                         https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox
>                         )
>                         The list provided in the wiki ( here
>                         <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
>
>                         ) is up to date.
>                         Basically, the security-related
>                         functionalities to add only concern the
>                         following:
>                         - cp
>                         - id
>                         - ls
>                         - mkdir
>                         - mkfifo
>                         - mknod
>                         - ps
>
>                         I will create Jira issues on these tasks, with
>                         a detailed description
>                         for each cases...
>
>                         However, Gerrit seems not to work properly
>                         today... I'm not sure you
>                         could clone the toybox repository  at the moment.
>                         Feel free to contact me if any questions!
>
>
>                         Best regards,
>
>                         -- 
>                         Xavier Roche
>                         Intel Open Source Technology Center
>
>
>                         On 13/10/2014 10:41, Jan Cybulski wrote:
>
>                             Hello, Dominique and Xavier,
>
>                             I am Tizen developer in Samsung Electronics,
>                             I got a task from Tomasz Swierczek to add
>                             smack aware code to ToyBox.
>                             He gave me contact to You as people in
>                             charge for this on Intel side.
>
>                             I would like to start working on this and
>                             ask which repository should
>                             I work with, and what is the required
>                             schedule for this task?
>
>                             Also: is the wiki site for this up to date?
>                             (https://wiki.tizen.org/wiki/Toybox)
>                             Especially I mean the list of
>                             toys that are still to be changed by
>                             adding security-related
>                             functionalities. I would like to avoid
>                             duplication if some work is
>                             done already or is performed right now.
>
>                             Best regards,
>                             Jan Cybulski
>
>                         _______________________________________________
>                         Dev mailing list
>                         Dev at lists.tizen.org <mailto:Dev at lists.tizen.org>
>                         https://lists.tizen.org/listinfo/dev
>
>         Best regards,
>
>         -- 
>         Xavier Roche
>         Intel Open Source Technology Center
>
