From mboxrd@z Thu Jan 1 00:00:00 1970 From: Markus Klotzbuecher Date: Wed, 29 Jan 2020 09:44:19 +0100 Subject: [U-Boot] [PATCH v2 1/9] moveconfig: expand simple expressions In-Reply-To: <4cb03cb2-9214-ebf9-e1cd-2fe8c5ee4c43@gmx.de> References: <20190515131600.28798-1-mk@mkio.de> <20190515131600.28798-2-mk@mkio.de> <4cb03cb2-9214-ebf9-e1cd-2fe8c5ee4c43@gmx.de> Message-ID: <20200129084419.GA4161132@e495> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Heinrich On Sat, Jan 25, 2020 at 10:46:04PM +0100, Heinrich Schuchardt wrote: >On 5/15/19 3:15 PM, Markus Klotzbuecher wrote: >> From: Markus Klotzbuecher >> >> Add support for expanding simple expressions and sizes such as >> "(4 * 1024)", "(512 << 10)" or "(SZ_256K)". >> >> This can help to significantly reduce the number of "suspicious" >> moves, such as >> >> 'CONFIG_ENV_SIZE="(64 << 10)"' was removed by savedefconfig. >> >> If the expansion fails, it falls back to the original string. >> >> Signed-off-by: Markus Klotzbuecher >> Cc: Masahiro Yamada >> Cc: Heiko Schocher >> --- >> Changes for v2: new patch >> >> tools/moveconfig.py | 41 +++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 41 insertions(+) >> >> diff --git a/tools/moveconfig.py b/tools/moveconfig.py >> index 1a214c5605..0bbc7c1991 100755 >> --- a/tools/moveconfig.py >> +++ b/tools/moveconfig.py >> @@ -354,6 +354,26 @@ CONFIG_DATABASE = 'moveconfig.db' >> >> CONFIG_LEN = len('CONFIG_') >> >> +SIZES = { >> + "SZ_1": 0x00000001, "SZ_2": 0x00000002, >> + "SZ_4": 0x00000004, "SZ_8": 0x00000008, >> + "SZ_16": 0x00000010, "SZ_32": 0x00000020, >> + "SZ_64": 0x00000040, "SZ_128": 0x00000080, >> + "SZ_256": 0x00000100, "SZ_512": 0x00000200, >> + "SZ_1K": 0x00000400, "SZ_2K": 0x00000800, >> + "SZ_4K": 0x00001000, "SZ_8K": 0x00002000, >> + "SZ_16K": 0x00004000, "SZ_32K": 0x00008000, >> + "SZ_64K": 0x00010000, "SZ_128K": 0x00020000, >> + "SZ_256K": 0x00040000, "SZ_512K": 0x00080000, >> + "SZ_1M": 0x00100000, "SZ_2M": 0x00200000, >> + "SZ_4M": 0x00400000, "SZ_8M": 0x00800000, >> + "SZ_16M": 0x01000000, "SZ_32M": 0x02000000, >> + "SZ_64M": 0x04000000, "SZ_128M": 0x08000000, >> + "SZ_256M": 0x10000000, "SZ_512M": 0x20000000, >> + "SZ_1G": 0x40000000, "SZ_2G": 0x80000000, >> + "SZ_4G": 0x100000000 >> +} >> + >> ### helper functions ### >> def get_devnull(): >> """Get the file object of '/dev/null' device.""" >> @@ -777,6 +797,25 @@ def cleanup_readme(configs, options): >> with open('README', 'w') as f: >> f.write(''.join(newlines)) >> >> +def try_expand(line): >> + """If value looks like an expression, try expanding it >> + Otherwise just return the existing value >> + """ >> + if line.find('=') == -1: >> + return line >> + >> + try: >> + cfg, val = re.split("=", line) >> + val= val.strip('\"') >> + if re.search("[*+-/]|<<|SZ_+|\(([^\)]+)\)", val): >> + newval = hex(eval(val, SIZES)) > >The if clause evaluates to true for values like: > > val = "os.execl('/sbin/fdisk')" > >As eval() can be used to execute arbitrary commands this patch should be >corrected. Fair point. I took a quick look at python sandboxing, and apparently it's difficult to be done in a secure way (see pysandbox). As introducing a CONFIG with something like the above clearly has malicious intent, just preventing "accidential" execution will not be sufficient. Perhaps we can use ast.literal_eval instead. I'll take a closer look. Best regards Markus -- Markus Klotzbuecher Freelancer Embedded, Distributed & Real-time Systems Am See 28, 78465 Konstanz, Germany www.mkio.de