aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-08-05 02:02:31 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-08-05 02:02:31 +0200
commitff53bee72300ba97c645404a64c7091991ffa110 (patch)
tree9d02bf1799875859ab4d4ad3928f08fdbb7162d4
parentfdb92359e47eee8ccd57092928cedccb28ce2f11 (diff)
downloadbusybox-ff53bee72300ba97c645404a64c7091991ffa110.tar.gz
chvt, deallocvt, dumpkmap, fgconsole, loadkmap: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--NOFORK_NOEXEC.lst10
-rw-r--r--console-tools/chvt.c2
-rw-r--r--console-tools/deallocvt.c2
-rw-r--r--console-tools/dumpkmap.c2
-rw-r--r--console-tools/fgconsole.c2
-rw-r--r--console-tools/loadkmap.c2
6 files changed, 10 insertions, 10 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 2fc280596..1d23ad962 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -69,7 +69,7 @@ chpasswd - runner (list of "user:password"s from stdin)
chpst - noexec. spawner
chroot - noexec. spawner
chrt - noexec. spawner
-chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
cksum - noexec. runner
clear - NOFORK
cmp - runner
@@ -85,7 +85,7 @@ cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params)
dd - noexec. runner
-deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
delgroup
deluser
depmod - complex, rare
@@ -100,7 +100,7 @@ dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
dos2unix - noexec. runner
dpkg - runner
du - runner
-dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
dumpleases - leaks: open+xread
echo - NOFORK
ed - interactive, longterm
@@ -120,7 +120,7 @@ fbsplash - runner, longterm
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
fdformat - needs ^C (floppy may be unresponsive), longterm, rare
fdisk - interactive, longterm
-fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
find - noexec. runner
findfs - suid
@@ -195,7 +195,7 @@ linux64 - noexec. spawner
linuxrc - daemon
ln - noexec
loadfont - leaks: config_open+bb_error_msg_and_die("map format")
-loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
logger - runner
login - suid, interactive, longterm
logname - NOFORK
diff --git a/console-tools/chvt.c b/console-tools/chvt.c
index d8152de6b..75380a90b 100644
--- a/console-tools/chvt.c
+++ b/console-tools/chvt.c
@@ -14,7 +14,7 @@
//config: This program is used to change to another terminal.
//config: Example: chvt 4 (change to terminal /dev/tty4)
-//applet:IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CHVT(APPLET_NOEXEC(chvt, chvt, BB_DIR_USR_BIN, BB_SUID_DROP, chvt))
//kbuild:lib-$(CONFIG_CHVT) += chvt.o
diff --git a/console-tools/deallocvt.c b/console-tools/deallocvt.c
index 6ffb1471e..05731fb78 100644
--- a/console-tools/deallocvt.c
+++ b/console-tools/deallocvt.c
@@ -14,7 +14,7 @@
//config: help
//config: This program deallocates unused virtual consoles.
-//applet:IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_DEALLOCVT(APPLET_NOEXEC(deallocvt, deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP, deallocvt))
//kbuild:lib-$(CONFIG_DEALLOCVT) += deallocvt.o
diff --git a/console-tools/dumpkmap.c b/console-tools/dumpkmap.c
index d4e2cf281..5ffb0cddb 100644
--- a/console-tools/dumpkmap.c
+++ b/console-tools/dumpkmap.c
@@ -15,7 +15,7 @@
//config: This program dumps the kernel's keyboard translation table to
//config: stdout, in binary format. You can then use loadkmap to load it.
-//applet:IF_DUMPKMAP(APPLET(dumpkmap, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_DUMPKMAP(APPLET_NOEXEC(dumpkmap, dumpkmap, BB_DIR_BIN, BB_SUID_DROP, dumpkmap))
//kbuild:lib-$(CONFIG_DUMPKMAP) += dumpkmap.o
diff --git a/console-tools/fgconsole.c b/console-tools/fgconsole.c
index 64311f6ea..a353becd5 100644
--- a/console-tools/fgconsole.c
+++ b/console-tools/fgconsole.c
@@ -13,7 +13,7 @@
//config: help
//config: This program prints active (foreground) console number.
-//applet:IF_FGCONSOLE(APPLET(fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_FGCONSOLE(APPLET_NOEXEC(fgconsole, fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP, fgconsole))
//kbuild:lib-$(CONFIG_FGCONSOLE) += fgconsole.o
diff --git a/console-tools/loadkmap.c b/console-tools/loadkmap.c
index 839dc2083..404aba1fb 100644
--- a/console-tools/loadkmap.c
+++ b/console-tools/loadkmap.c
@@ -14,7 +14,7 @@
//config: This program loads a keyboard translation table from
//config: standard input.
-//applet:IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_LOADKMAP(APPLET_NOEXEC(loadkmap, loadkmap, BB_DIR_SBIN, BB_SUID_DROP, loadkmap))
//kbuild:lib-$(CONFIG_LOADKMAP) += loadkmap.o