summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2018-01-14 14:41:52 +0100
committerDenys Vlasenko2018-01-14 14:41:52 +0100
commit88663e481f3284225ea0ceaf97f3904adedb21a2 (patch)
treed65941d5e313bcc74b415273a3f51eecc998cc40
parentcbdc37cae079d6b52ca39fb6c1dd6eadab48b617 (diff)
downloadbusybox-88663e481f3284225ea0ceaf97f3904adedb21a2.zip
busybox-88663e481f3284225ea0ceaf97f3904adedb21a2.tar.gz
mv: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--NOFORK_NOEXEC.lst4
-rw-r--r--coreutils/cp.c1
-rw-r--r--coreutils/mv.c3
3 files changed, 5 insertions, 3 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 21a3b41..055f9fb 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -89,7 +89,7 @@ clear - NOFORK
cmp - runner
comm - runner
conspy - interactive, longterm
-cp - noexec. runner
+cp - noexec. sometimes runner
cpio - runner
crond - daemon
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
@@ -255,7 +255,7 @@ mount - suid
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - longterm: "mpstat 1" runs indefinitely
mt - hardware
-mv - noexec candidate, runner
+mv - noexec. sometimes runner
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
nbd-client - noexec
nc - runner
diff --git a/coreutils/cp.c b/coreutils/cp.c
index 5b34c27..05c725c 100644
--- a/coreutils/cp.c
+++ b/coreutils/cp.c
@@ -26,6 +26,7 @@
//config: Also add support for --parents option.
//applet:IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
+/* NOEXEC despite cases when it can be a "runner" (cp -r LARGE_DIR NEW_DIR) */
//kbuild:lib-$(CONFIG_CP) += cp.o
diff --git a/coreutils/mv.c b/coreutils/mv.c
index 10cbc50..aeafd1e 100644
--- a/coreutils/mv.c
+++ b/coreutils/mv.c
@@ -17,7 +17,8 @@
//config: help
//config: mv is used to move or rename files or directories.
-//applet:IF_MV(APPLET(mv, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_MV(APPLET_NOEXEC(mv, mv, BB_DIR_BIN, BB_SUID_DROP, mv))
+/* NOEXEC despite cases when it can be a "runner" (mv LARGE_DIR OTHER_FS) */
//kbuild:lib-$(CONFIG_MV) += mv.o