diff options
author | Denys Vlasenko | 2017-08-04 17:59:46 +0200 |
---|---|---|
committer | Denys Vlasenko | 2017-08-04 17:59:46 +0200 |
commit | 83d7785e413bbfc4c639c855a6e47f64bdc5da9a (patch) | |
tree | be2cb6035dbf4f1c316893d41560587cd2a8d85e | |
parent | 6bec24c4f5a2c853c10fd59a56d0d197b5e5fd64 (diff) | |
download | busybox-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.zip busybox-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.tar.gz |
runlevel: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | NOFORK_NOEXEC.lst | 38 | ||||
-rw-r--r-- | miscutils/runlevel.c | 2 |
2 files changed, 20 insertions, 20 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 90c802b..d6959e3 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -66,21 +66,21 @@ chgrp - noexec. runner chmod - noexec. runner chown - noexec. runner chpasswd - runner (list of "user:password"s from stdin) -chpst - spawner -chroot - spawner -chrt - spawner +chpst - noexec candidate, spawner +chroot - noexec candidate, spawner +chrt - noexec candidate, spawner chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. cksum - noexec. runner clear - NOFORK cmp - runner comm - runner -conspy - interactive +conspy - interactive, longterm cp - noexec. runner cpio - runner crond - daemon crontab cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. -cttyhack - spawner +cttyhack - noexec candidate, spawner cut - noexec. runner date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) dc - runner (eats stdin if no params) @@ -90,7 +90,7 @@ delgroup deluser depmod - complex, rare devmem - runner, complex (access to device memory may hang) -df - complex (nested allocs) +df - leaks: nested allocs dhcprelay - daemon diff - runner dirname - NOFORK @@ -106,15 +106,15 @@ echo - NOFORK ed - interactive, longterm egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds) -env - noexec. changes state (env) -envdir - spawner -envuidgid - spawner +env - noexec. spawner, changes state (env) +envdir - noexec candidate, spawner +envuidgid - noexec candidate, spawner expand - runner -expr - complex (nested allocs) +expr - leaks: nested allocs factor - runner (eats stdin if no params) fakeidentd - daemon false - NOFORK -fatattr - complex (xopen+xioctl can leak fd) +fatattr - leaks: open+xioctl, complex fbset - leaks: open+xfunc, complex, rare fbsplash - runner, longterm fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare @@ -134,14 +134,14 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd) freeramdisk - leaks: open+ioctl_or_perror_and_die fsck - interactive, longterm fsck.minix -fsfreeze -fstrim +fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl +fstrim - noexec candidate (it's very simple), leaks: open+xioctl fsync - NOFORK ftpd - daemon ftpget - runner ftpput - runner fuser - complex -getopt - noexec. complex (many allocs) +getopt - noexec. leaks: many allocs getty - interactive, longterm grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory) groups - noexec @@ -156,7 +156,7 @@ hostid - NOFORK hostname - DNS resolution may trigger, need ^C httpd - daemon hush - interactive, longterm -hwclock +hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C i2cdetect i2cdump i2cget @@ -293,9 +293,9 @@ rmmod - noexec route rpm - runner rpm2cpio - runner -rtcwake - complex, rare +rtcwake - puts system to sleep, optimizing this for speed is pointless run-parts -runlevel +runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother? runsv - daemon runsvdir - daemon rx - runner @@ -400,10 +400,10 @@ vlock - suid volname - runner w wall - suid -watch - runner +watch - longterm watchdog - daemon wc - runner -wget - runner +wget - longterm which - NOFORK who whoami - NOFORK diff --git a/miscutils/runlevel.c b/miscutils/runlevel.c index 6b47422..0b20985 100644 --- a/miscutils/runlevel.c +++ b/miscutils/runlevel.c @@ -21,7 +21,7 @@ //config: This applet uses utmp but does not rely on busybox supporing //config: utmp on purpose. It is used by e.g. emdebian via /etc/init.d/rc. -//applet:IF_RUNLEVEL(APPLET(runlevel, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_RUNLEVEL(APPLET_NOEXEC(runlevel, runlevel, BB_DIR_SBIN, BB_SUID_DROP, runlevel)) //kbuild:lib-$(CONFIG_RUNLEVEL) += runlevel.o |