diff options
author | Denys Vlasenko | 2017-08-07 23:14:49 +0200 |
---|---|---|
committer | Denys Vlasenko | 2017-08-07 23:14:49 +0200 |
commit | ae84418d269ea44a710b9effa6d64b6334208973 (patch) | |
tree | 31112b326bd65469884bf3059478f679fdc31ccf | |
parent | a907b828d6e9f1357fc2e1db09d3eb1d3fb9b826 (diff) | |
download | busybox-ae84418d269ea44a710b9effa6d64b6334208973.zip busybox-ae84418d269ea44a710b9effa6d64b6334208973.tar.gz |
losetup: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | NOFORK_NOEXEC.lst | 8 | ||||
-rw-r--r-- | util-linux/losetup.c | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index d7e60b4..a8823be 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -165,8 +165,8 @@ i2cdump - hardware i2cget - hardware i2cset - hardware id - noexec -ifconfig - leaks: xsocket+ioctl_or_perror_and_die -ifenslave - leaks: xsocket+bb_perror_msg_and_die +ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die +ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die ifplugd - daemon inetd - daemon init - daemon @@ -202,7 +202,7 @@ loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return o logger - runner login - suid, interactive, longterm logname - NOFORK -losetup - complex +losetup - noexec. complex lpd - daemon lpq - runner lpr - runner @@ -400,7 +400,7 @@ uuencode - runner vconfig - leaks: xsocket+ioctl_or_perror_and_die vi - interactive, longterm vlock - suid -volname - runner +volname - hardware (reads CDROM, this can take long-ish if need to spin up) w - noexec. nofork candidate(is getutxent ok?) wall - suid watch - longterm diff --git a/util-linux/losetup.c b/util-linux/losetup.c index c608de6..2f7dc10 100644 --- a/util-linux/losetup.c +++ b/util-linux/losetup.c @@ -15,9 +15,9 @@ //config: file or block device, and to query the status of a loop device. This //config: version does not currently support enabling data encryption. -//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o +//applet:IF_LOSETUP(APPLET_NOEXEC(losetup, losetup, BB_DIR_SBIN, BB_SUID_DROP, losetup)) -//applet:IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP)) +//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o //usage:#define losetup_trivial_usage //usage: "[-r] [-o OFS] {-f|LOOPDEV} FILE - associate loop devices\n" |