aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-08-05 23:21:02 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-08-05 23:21:02 +0200
commit83a6c8d58b3209a1238d24b50c6b717a7c67d1b4 (patch)
tree7d223184400136a9def184b8d4948dc04251452e
parent00c1811d87ea9019c2beda0d182150792c6bb053 (diff)
downloadbusybox-83a6c8d58b3209a1238d24b50c6b717a7c67d1b4.tar.gz
umount: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--NOFORK_NOEXEC.lst2
-rw-r--r--util-linux/umount.c13
2 files changed, 13 insertions, 2 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index fbba3adb3..8b35df289 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -378,7 +378,7 @@ udhcpc - daemon
udhcpd - daemon
udpsvd - daemon
uevent - daemon
-umount - noexec candidate, leaks: nested xmalloc
+umount - noexec. leaks: nested xmalloc
uname - NOFORK
uncompress - runner
unexpand - runner
diff --git a/util-linux/umount.c b/util-linux/umount.c
index 122c0f579..33667b13c 100644
--- a/util-linux/umount.c
+++ b/util-linux/umount.c
@@ -24,7 +24,18 @@
//config: help
//config: Support -a option to unmount all currently mounted filesystems.
-//applet:IF_UMOUNT(APPLET(umount, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_UMOUNT(APPLET_NOEXEC(umount, umount, BB_DIR_BIN, BB_SUID_DROP, umount))
+/*
+ * On one hand, in some weird situations you'd want umount
+ * to not do anything surprising, to behave as a usual fork+execed executable.
+ *
+ * OTOH, there can be situations where execing would not succeed, or even hang
+ * (say, if executable is on a filesystem which is in trouble and accesses to it
+ * block in kernel).
+ * In this case, you might be actually happy if your standalone bbox shell
+ * does not fork+exec, but only forks and calls umount_main() which it already has!
+ * Let's go with NOEXEC.
+ */
//kbuild:lib-$(CONFIG_UMOUNT) += umount.o