From 7b8372b81926ef6aa8d91945a95261bbb93d0b9e Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 7 Aug 2017 00:28:15 +0200 Subject: add/remove-shell,add/deluser,add/delgroup: make them NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'NOFORK_NOEXEC.lst') diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 9c8df23ab..ac04f75da 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -36,9 +36,9 @@ IOW: rm is "interactive", but not "longterm". [ - NOFORK [[ - NOFORK acpid - daemon -add-shell -addgroup -adduser +add-shell - noexec. leaks: open+xfunc +addgroup - noexec. leaks +adduser - noexec. leaks adjtimex - NOFORK ar - runner arch - NOFORK @@ -86,8 +86,8 @@ date - noexec. nofork candidate(needs to stop messing up env, free xasprintf res dc - runner (eats stdin if no params) dd - noexec. runner deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds -delgroup -deluser +delgroup - noexec. leaks +deluser - noexec. leaks depmod - complex, rare devmem - runner, complex (access to device memory may hang) df - leaks: nested allocs @@ -282,7 +282,7 @@ readprofile - reads /boot/System.map and /proc/profile, better to free more memo realpath - NOFORK reboot - rare reformime - runner -remove-shell +remove-shell - noexec. leaks: open+xfunc renice - nofork candidate(uses getpwnam, is that ok?) reset - noexec. spawner (execs "stty") resize - noexec. changes state (signal handlers) -- cgit v1.2.3
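Review bot: The new annotations for addgroup and adduser (hunk @@ -36,9) and for delgroup and deluser (hunk @@ -86,8) say only "noexec. leaks" and do not name what is leaked. Other entries visible in the same hunks do name it: deallocvt has "leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds" and df has "leaks: nested allocs". Suggest stating the leaked resource for these four applets in the same style, so a later reader can tell from the list alone what would have to be fixed before the entry could change.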
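Review bot: In hunk @@ -282,7 the remove-shell entry reads "noexec. leaks: open+xfunc", the same shorthand given to add-shell in the first hunk, and nothing in the visible context defines it. Suggest spelling out in a few words what "open" and "xfunc" refer to, as the deallocvt entry does for its fd leak, so the note can be re-checked against the applet code when it changes.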