diff options
author | Denys Vlasenko | 2017-08-04 19:55:01 +0200 |
---|---|---|
committer | Denys Vlasenko | 2017-08-04 19:55:01 +0200 |
commit | 5c527dc57e74c1b60c910dc1a3f3ec9683fca43d (patch) | |
tree | 03bbbda1f4869c079f381bea45c1cdbf6fcd35a7 /loginutils | |
parent | 6514785f95878911b3ec88e2367234df74c14cd4 (diff) | |
download | busybox-5c527dc57e74c1b60c910dc1a3f3ec9683fca43d.zip busybox-5c527dc57e74c1b60c910dc1a3f3ec9683fca43d.tar.gz |
make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
The applets with "<applet> [opts] PROG ARGS" API very quickly exec
another program, noexec is okay for them:
chpst/envdir/envuidgid/softlimit/setuidgid
chroot
chrt
ionice
nice
nohup
setarch/linux32/linux64
taskset
cttyhack
"reset" and "sulogin" applets don't have this form, but also exec
another program at once, thus made noexec too.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils')
-rw-r--r-- | loginutils/sulogin.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c index d5a463c..27ea5df 100644 --- a/loginutils/sulogin.c +++ b/loginutils/sulogin.c @@ -12,7 +12,7 @@ //config: sulogin is invoked when the system goes into single user //config: mode (this is done through an entry in inittab). -//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_SULOGIN(APPLET_NOEXEC(sulogin, sulogin, BB_DIR_SBIN, BB_SUID_DROP, sulogin)) //kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o @@ -34,7 +34,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv) /* Note: sulogin is not a suid app. It is meant to be run by init * for single user / emergency mode. init starts it as root. - * Normal users (potentially malisious ones) can only run it under + * Normal users (potentially malicious ones) can only run it under * their UID, therefore no paranoia here is warranted: * $LD_LIBRARY_PATH in env, TTY = /dev/sda * are no more dangerous here than in e.g. cp applet. |