From 99125c04950a7ba2ac90dc21c3d924fe9dd95651 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sat, 5 Aug 2017 20:38:04 +0200 Subject: chattr,lsattr,tune2fs: make them NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 6 +++--- e2fsprogs/chattr.c | 2 +- e2fsprogs/lsattr.c | 3 ++- e2fsprogs/tune2fs.c | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 78d06f3f5..0b6528d94 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -61,7 +61,7 @@ bzip2 - runner cal - runner: cal -n9999 cat - runner chat - needs ^C to work -chattr - runner +chattr - noexec. runner chgrp - noexec. runner chmod - noexec. runner chown - noexec. runner @@ -204,7 +204,7 @@ lpd - daemon lpq - runner lpr - runner ls - noexec. runner -lsattr - runner. noexec candidate (ls is, why not this one?) +lsattr - noexec. runner lsmod - noexec lsof - complex lspci - noexec candidate, too rare to bother for nofork @@ -366,7 +366,7 @@ truncate - NOFORK tty - NOFORK ttysize - NOFORK tunctl -tune2fs - leaks: open+xfunc +tune2fs - noexec. leaks: open+xfunc ubiattach ubidetach ubimkvol diff --git a/e2fsprogs/chattr.c b/e2fsprogs/chattr.c index bb870a990..76a5253b6 100644 --- a/e2fsprogs/chattr.c +++ b/e2fsprogs/chattr.c @@ -15,7 +15,7 @@ //config: help //config: chattr changes the file attributes on a second extended file system. -//applet:IF_CHATTR(APPLET(chattr, BB_DIR_BIN, BB_SUID_DROP)) +//applet:IF_CHATTR(APPLET_NOEXEC(chattr, chattr, BB_DIR_BIN, BB_SUID_DROP, chattr)) //kbuild:lib-$(CONFIG_CHATTR) += chattr.o e2fs_lib.o diff --git a/e2fsprogs/lsattr.c b/e2fsprogs/lsattr.c index 756d26832..56c1187c1 100644 --- a/e2fsprogs/lsattr.c +++ b/e2fsprogs/lsattr.c @@ -16,7 +16,8 @@ //config: help //config: lsattr lists the file attributes on a second extended file system. -//applet:IF_LSATTR(APPLET(lsattr, BB_DIR_BIN, BB_SUID_DROP)) +//applet:IF_LSATTR(APPLET_NOEXEC(lsattr, lsattr, BB_DIR_BIN, BB_SUID_DROP, lsattr)) +/* ls is NOEXEC, so we should be too! ;) */ //kbuild:lib-$(CONFIG_LSATTR) += lsattr.o e2fs_lib.o diff --git a/e2fsprogs/tune2fs.c b/e2fsprogs/tune2fs.c index 95411db5f..9f14b26ec 100644 --- a/e2fsprogs/tune2fs.c +++ b/e2fsprogs/tune2fs.c @@ -13,7 +13,7 @@ //config: tune2fs allows the system administrator to adjust various tunable //config: filesystem parameters on Linux ext2/ext3 filesystems. -//applet:IF_TUNE2FS(APPLET(tune2fs, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_TUNE2FS(APPLET_NOEXEC(tune2fs, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, tune2fs)) //TODO alias to "tune2fs -L LABEL": //applet:IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label)) -- cgit v1.2.3