diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-02-02 18:38:57 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-02-02 18:38:57 +0100 |
commit | b72baeb00328576df415f9a4b4f3d5f202e3be11 (patch) | |
tree | c6863cb112e6e33908e17f298d541c1b0c3aa418 /docs | |
parent | c71b469f5daceb717e31cc9ce46b0e058e2c57b6 (diff) | |
download | busybox-b72baeb00328576df415f9a4b4f3d5f202e3be11.tar.gz |
hush: use FEATURE_SH_NOFORK to enable NOFORK trick
Also expands docs
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/nofork_noexec.txt | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/docs/nofork_noexec.txt b/docs/nofork_noexec.txt index 06c789aff..c58f5a83f 100644 --- a/docs/nofork_noexec.txt +++ b/docs/nofork_noexec.txt @@ -44,9 +44,11 @@ NOEXEC trick is disabled for NOMMU build. NOFORK NOFORK applet should work correctly if another applet simply runs -<applet>_main(argc,argv) and then continues with its business (xargs, -find, shells can do it). This poses much more serious limitations -on what applet can/cannot do: +<applet>_main(argc,argv) and then continues with its business. +xargs, find, shells do it (grep for "spawn_and_wait" and +"run_nofork_applet" to find more users). + +This poses much more serious limitations on what applet can do: * all NOEXEC limitations apply. * do not ever exit() or exec(). @@ -56,7 +58,7 @@ on what applet can/cannot do: is taken from xfunc_error_retval. - fflush_stdout_and_exit(n) is ok to use. * do not use shared global data, or save/restore shared global data - prior to returning. (e.g. bb_common_bufsiz1 is off-limits). + (e.g. bb_common_bufsiz1) prior to returning. - getopt32() is ok to use. You do not need to save/restore option_mask32, it is already done by core code. * if you allocate memory, you can use xmalloc() only on the very first @@ -77,3 +79,20 @@ script loops. Applets which mess with signal handlers, termios etc are probably not worth the effort. Any NOFORK applet is also a NOEXEC applet. + + + Relevant CONFIG options + +FEATURE_PREFER_APPLETS + BB_EXECVP(cmd, argv) will try to exec /proc/self/exe + if command's name matches some applet name + applet tables will contain NOFORK/NOEXEC bits + spawn_and_wait(argv) will do NOFORK/NOEXEC tricks + +FEATURE_SH_STANDALONE (needs FEATURE_PREFER_APPLETS=y) + shells will try to exec /proc/self/exe if command's name matches + some applet name + shells will do NOEXEC trick on NOEXEC applets + +FEATURE_SH_NOFORK (needs FEATURE_PREFER_APPLETS=y) + shells will do NOFORK trick on NOFORK applets |