aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-08-04 17:59:46 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-08-04 17:59:46 +0200
commit83d7785e413bbfc4c639c855a6e47f64bdc5da9a (patch)
treebe2cb6035dbf4f1c316893d41560587cd2a8d85e
parent6bec24c4f5a2c853c10fd59a56d0d197b5e5fd64 (diff)
downloadbusybox-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.tar.gz
runlevel: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--NOFORK_NOEXEC.lst38
-rw-r--r--miscutils/runlevel.c2
2 files changed, 20 insertions, 20 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 90c802b2a..d6959e363 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -66,21 +66,21 @@ chgrp - noexec. runner
chmod - noexec. runner
chown - noexec. runner
chpasswd - runner (list of "user:password"s from stdin)
-chpst - spawner
-chroot - spawner
-chrt - spawner
+chpst - noexec candidate, spawner
+chroot - noexec candidate, spawner
+chrt - noexec candidate, spawner
chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
cksum - noexec. runner
clear - NOFORK
cmp - runner
comm - runner
-conspy - interactive
+conspy - interactive, longterm
cp - noexec. runner
cpio - runner
crond - daemon
crontab
cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
-cttyhack - spawner
+cttyhack - noexec candidate, spawner
cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params)
@@ -90,7 +90,7 @@ delgroup
deluser
depmod - complex, rare
devmem - runner, complex (access to device memory may hang)
-df - complex (nested allocs)
+df - leaks: nested allocs
dhcprelay - daemon
diff - runner
dirname - NOFORK
@@ -106,15 +106,15 @@ echo - NOFORK
ed - interactive, longterm
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
-env - noexec. changes state (env)
-envdir - spawner
-envuidgid - spawner
+env - noexec. spawner, changes state (env)
+envdir - noexec candidate, spawner
+envuidgid - noexec candidate, spawner
expand - runner
-expr - complex (nested allocs)
+expr - leaks: nested allocs
factor - runner (eats stdin if no params)
fakeidentd - daemon
false - NOFORK
-fatattr - complex (xopen+xioctl can leak fd)
+fatattr - leaks: open+xioctl, complex
fbset - leaks: open+xfunc, complex, rare
fbsplash - runner, longterm
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
@@ -134,14 +134,14 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm
fsck.minix
-fsfreeze
-fstrim
+fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
+fstrim - noexec candidate (it's very simple), leaks: open+xioctl
fsync - NOFORK
ftpd - daemon
ftpget - runner
ftpput - runner
fuser - complex
-getopt - noexec. complex (many allocs)
+getopt - noexec. leaks: many allocs
getty - interactive, longterm
grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
groups - noexec
@@ -156,7 +156,7 @@ hostid - NOFORK
hostname - DNS resolution may trigger, need ^C
httpd - daemon
hush - interactive, longterm
-hwclock
+hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C
i2cdetect
i2cdump
i2cget
@@ -293,9 +293,9 @@ rmmod - noexec
route
rpm - runner
rpm2cpio - runner
-rtcwake - complex, rare
+rtcwake - puts system to sleep, optimizing this for speed is pointless
run-parts
-runlevel
+runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
runsv - daemon
runsvdir - daemon
rx - runner
@@ -400,10 +400,10 @@ vlock - suid
volname - runner
w
wall - suid
-watch - runner
+watch - longterm
watchdog - daemon
wc - runner
-wget - runner
+wget - longterm
which - NOFORK
who
whoami - NOFORK
diff --git a/miscutils/runlevel.c b/miscutils/runlevel.c
index 6b4742255..0b2098564 100644
--- a/miscutils/runlevel.c
+++ b/miscutils/runlevel.c
@@ -21,7 +21,7 @@
//config: This applet uses utmp but does not rely on busybox supporing
//config: utmp on purpose. It is used by e.g. emdebian via /etc/init.d/rc.
-//applet:IF_RUNLEVEL(APPLET(runlevel, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_RUNLEVEL(APPLET_NOEXEC(runlevel, runlevel, BB_DIR_SBIN, BB_SUID_DROP, runlevel))
//kbuild:lib-$(CONFIG_RUNLEVEL) += runlevel.o