[U-Boot] [PATCH v2 1/9] moveconfig: expand simple expressions
Markus Klotzbuecher
mk at mkio.de
Wed Jan 29 09:44:19 CET 2020
Hi Heinrich
On Sat, Jan 25, 2020 at 10:46:04PM +0100, Heinrich Schuchardt wrote:
>On 5/15/19 3:15 PM, Markus Klotzbuecher wrote:
>> From: Markus Klotzbuecher <markus.klotzbuecher at kistler.com>
>>
>> Add support for expanding simple expressions and sizes such as
>> "(4 * 1024)", "(512 << 10)" or "(SZ_256K)".
>>
>> This can help to significantly reduce the number of "suspicious"
>> moves, such as
>>
>> 'CONFIG_ENV_SIZE="(64 << 10)"' was removed by savedefconfig.
>>
>> If the expansion fails, it falls back to the original string.
>>
>> Signed-off-by: Markus Klotzbuecher <markus.klotzbuecher at kistler.com>
>> Cc: Masahiro Yamada <yamada.masahiro at socionext.com>
>> Cc: Heiko Schocher <hs at denx.de>
>> ---
>> Changes for v2: new patch
>>
>> tools/moveconfig.py | 41 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 41 insertions(+)
>>
>> diff --git a/tools/moveconfig.py b/tools/moveconfig.py
>> index 1a214c5605..0bbc7c1991 100755
>> --- a/tools/moveconfig.py
>> +++ b/tools/moveconfig.py
>> @@ -354,6 +354,26 @@ CONFIG_DATABASE = 'moveconfig.db'
>>
>> CONFIG_LEN = len('CONFIG_')
>>
>> +SIZES = {
>> + "SZ_1": 0x00000001, "SZ_2": 0x00000002,
>> + "SZ_4": 0x00000004, "SZ_8": 0x00000008,
>> + "SZ_16": 0x00000010, "SZ_32": 0x00000020,
>> + "SZ_64": 0x00000040, "SZ_128": 0x00000080,
>> + "SZ_256": 0x00000100, "SZ_512": 0x00000200,
>> + "SZ_1K": 0x00000400, "SZ_2K": 0x00000800,
>> + "SZ_4K": 0x00001000, "SZ_8K": 0x00002000,
>> + "SZ_16K": 0x00004000, "SZ_32K": 0x00008000,
>> + "SZ_64K": 0x00010000, "SZ_128K": 0x00020000,
>> + "SZ_256K": 0x00040000, "SZ_512K": 0x00080000,
>> + "SZ_1M": 0x00100000, "SZ_2M": 0x00200000,
>> + "SZ_4M": 0x00400000, "SZ_8M": 0x00800000,
>> + "SZ_16M": 0x01000000, "SZ_32M": 0x02000000,
>> + "SZ_64M": 0x04000000, "SZ_128M": 0x08000000,
>> + "SZ_256M": 0x10000000, "SZ_512M": 0x20000000,
>> + "SZ_1G": 0x40000000, "SZ_2G": 0x80000000,
>> + "SZ_4G": 0x100000000
>> +}
>> +
>> ### helper functions ###
>> def get_devnull():
>> """Get the file object of '/dev/null' device."""
>> @@ -777,6 +797,25 @@ def cleanup_readme(configs, options):
>> with open('README', 'w') as f:
>> f.write(''.join(newlines))
>>
>> +def try_expand(line):
>> + """If value looks like an expression, try expanding it
>> + Otherwise just return the existing value
>> + """
>> + if line.find('=') == -1:
>> + return line
>> +
>> + try:
>> + cfg, val = re.split("=", line)
>> + val= val.strip('\"')
>> + if re.search("[*+-/]|<<|SZ_+|\(([^\)]+)\)", val):
>> + newval = hex(eval(val, SIZES))
>
>The if clause evaluates to true for values like:
>
> val = "os.execl('/sbin/fdisk')"
>
>As eval() can be used to execute arbitrary commands this patch should be
>corrected.
Fair point. I took a quick look at python sandboxing, and apparently
it's difficult to be done in a secure way (see pysandbox). As
introducing a CONFIG with something like the above clearly has
malicious intent, just preventing "accidential" execution will not be
sufficient. Perhaps we can use ast.literal_eval instead. I'll take a
closer look.
Best regards
Markus
--
Markus Klotzbuecher
Freelancer Embedded, Distributed & Real-time Systems
Am See 28, 78465 Konstanz, Germany
www.mkio.de
More information about the U-Boot
mailing list