diff options
author | Denys Vlasenko | 2017-08-05 02:02:31 +0200 |
---|---|---|
committer | Denys Vlasenko | 2017-08-05 02:02:31 +0200 |
commit | ff53bee72300ba97c645404a64c7091991ffa110 (patch) | |
tree | 9d02bf1799875859ab4d4ad3928f08fdbb7162d4 | |
parent | fdb92359e47eee8ccd57092928cedccb28ce2f11 (diff) | |
download | busybox-ff53bee72300ba97c645404a64c7091991ffa110.zip busybox-ff53bee72300ba97c645404a64c7091991ffa110.tar.gz |
chvt, deallocvt, dumpkmap, fgconsole, loadkmap: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | NOFORK_NOEXEC.lst | 10 | ||||
-rw-r--r-- | console-tools/chvt.c | 2 | ||||
-rw-r--r-- | console-tools/deallocvt.c | 2 | ||||
-rw-r--r-- | console-tools/dumpkmap.c | 2 | ||||
-rw-r--r-- | console-tools/fgconsole.c | 2 | ||||
-rw-r--r-- | console-tools/loadkmap.c | 2 |
6 files changed, 10 insertions, 10 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 2fc2805..1d23ad9 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -69,7 +69,7 @@ chpasswd - runner (list of "user:password"s from stdin) chpst - noexec. spawner chroot - noexec. spawner chrt - noexec. spawner -chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate. +chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds cksum - noexec. runner clear - NOFORK cmp - runner @@ -85,7 +85,7 @@ cut - noexec. runner date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) dc - runner (eats stdin if no params) dd - noexec. runner -deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate. +deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds delgroup deluser depmod - complex, rare @@ -100,7 +100,7 @@ dnsdomainname - needs ^C (may talk to DNS servers, which may be down) dos2unix - noexec. runner dpkg - runner du - runner -dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate. +dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds dumpleases - leaks: open+xread echo - NOFORK ed - interactive, longterm @@ -120,7 +120,7 @@ fbsplash - runner, longterm fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare fdformat - needs ^C (floppy may be unresponsive), longterm, rare fdisk - interactive, longterm -fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate. +fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory) find - noexec. runner findfs - suid @@ -195,7 +195,7 @@ linux64 - noexec. spawner linuxrc - daemon ln - noexec loadfont - leaks: config_open+bb_error_msg_and_die("map format") -loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate. +loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds logger - runner login - suid, interactive, longterm logname - NOFORK diff --git a/console-tools/chvt.c b/console-tools/chvt.c index d8152de..75380a9 100644 --- a/console-tools/chvt.c +++ b/console-tools/chvt.c @@ -14,7 +14,7 @@ //config: This program is used to change to another terminal. //config: Example: chvt 4 (change to terminal /dev/tty4) -//applet:IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP)) +//applet:IF_CHVT(APPLET_NOEXEC(chvt, chvt, BB_DIR_USR_BIN, BB_SUID_DROP, chvt)) //kbuild:lib-$(CONFIG_CHVT) += chvt.o diff --git a/console-tools/deallocvt.c b/console-tools/deallocvt.c index 6ffb147..05731fb 100644 --- a/console-tools/deallocvt.c +++ b/console-tools/deallocvt.c @@ -14,7 +14,7 @@ //config: help //config: This program deallocates unused virtual consoles. -//applet:IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP)) +//applet:IF_DEALLOCVT(APPLET_NOEXEC(deallocvt, deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP, deallocvt)) //kbuild:lib-$(CONFIG_DEALLOCVT) += deallocvt.o diff --git a/console-tools/dumpkmap.c b/console-tools/dumpkmap.c index d4e2cf2..5ffb0cd 100644 --- a/console-tools/dumpkmap.c +++ b/console-tools/dumpkmap.c @@ -15,7 +15,7 @@ //config: This program dumps the kernel's keyboard translation table to //config: stdout, in binary format. You can then use loadkmap to load it. -//applet:IF_DUMPKMAP(APPLET(dumpkmap, BB_DIR_BIN, BB_SUID_DROP)) +//applet:IF_DUMPKMAP(APPLET_NOEXEC(dumpkmap, dumpkmap, BB_DIR_BIN, BB_SUID_DROP, dumpkmap)) //kbuild:lib-$(CONFIG_DUMPKMAP) += dumpkmap.o diff --git a/console-tools/fgconsole.c b/console-tools/fgconsole.c index 64311f6..a353bec 100644 --- a/console-tools/fgconsole.c +++ b/console-tools/fgconsole.c @@ -13,7 +13,7 @@ //config: help //config: This program prints active (foreground) console number. -//applet:IF_FGCONSOLE(APPLET(fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP)) +//applet:IF_FGCONSOLE(APPLET_NOEXEC(fgconsole, fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP, fgconsole)) //kbuild:lib-$(CONFIG_FGCONSOLE) += fgconsole.o diff --git a/console-tools/loadkmap.c b/console-tools/loadkmap.c index 839dc20..404aba1 100644 --- a/console-tools/loadkmap.c +++ b/console-tools/loadkmap.c @@ -14,7 +14,7 @@ //config: This program loads a keyboard translation table from //config: standard input. -//applet:IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_LOADKMAP(APPLET_NOEXEC(loadkmap, loadkmap, BB_DIR_SBIN, BB_SUID_DROP, loadkmap)) //kbuild:lib-$(CONFIG_LOADKMAP) += loadkmap.o |