From feb79e8742eb3cef211804dadcc7f3ddfd154c72 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sat, 5 Aug 2017 02:08:23 +0200 Subject: cryptpw, mkpasswd: make them NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 4 ++-- loginutils/cryptpw.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 1d23ad962..1bb571b9c 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -79,7 +79,7 @@ cp - noexec. runner cpio - runner crond - daemon crontab 0 leaks: open+xasprintf -cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate. +cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin cttyhack - noexec. spawner cut - noexec. runner date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) @@ -229,7 +229,7 @@ mkfs.ext2 - needs ^C mkfs.minix - needs ^C mkfs.vfat - needs ^C mknod - noexec -mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate. +mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin mkswap - needs ^C mktemp - noexec. leaks: xstrdup+concat_path_file modinfo - noexec diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c index f8906c59a..136c619bb 100644 --- a/loginutils/cryptpw.c +++ b/loginutils/cryptpw.c @@ -24,9 +24,9 @@ //config: using the given salt. Debian has this utility under mkpasswd //config: name. Busybox provides mkpasswd as an alias for cryptpw. -//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP)) -// APPLET_ODDNAME:name main location suid_type help -//applet:IF_MKPASSWD(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw)) +//applet:IF_CRYPTPW( APPLET_NOEXEC(cryptpw, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw)) +// APPLET_NOEXEC:name main location suid_type help +//applet:IF_MKPASSWD(APPLET_NOEXEC(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw)) //kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o //kbuild:lib-$(CONFIG_MKPASSWD) += cryptpw.o -- cgit v1.2.3