2017-08-03 03:29:32 +02:00
Why can't an applet be NOFORK or NOEXEC?

Why it can't be NOFORK:
interactive: may wait for user input, ^C has to work
spawner: "tool PROG ARGS" which changes program state and execs - must fork
changes state: e.g. environment, signal handlers
leaks: does not free allocated memory or opened fds
    alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
    open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
talks to network/serial/etc: it's not known how long the delay can be,
    it's reasonable to expect it might be many seconds
    (even if usually it is not), so ^C has to work
runner: sometimes may run for long(ish) time, and/or works with network:
    ^C has to work (cat BIGFILE, chmod -R, ftpget, nc)

"runners" can become eligible after the shell is taught to let ^C interrupt NOFORKs,
but they need to be inspected to confirm that they do not fall into the alloc+xfunc,
open+xfunc, or leaks categories.
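
An added C illustration of the open+xfunc category above (not BusyBox code). The dying x-function is modelled with setjmp/longjmp, as an assumption about how an applet running inside the caller's process hands control back; toy_xfunc, toy_func, leaky_applet, careful_applet and fds_leaked_by are hypothetical names.

```c
#include <fcntl.h>
#include <setjmp.h>
#include <stdio.h>
#include <unistd.h>

/* Assumption: "xfunc dies" is modelled as a longjmp back to the caller,
 * since an applet run inside the shell's process cannot simply exit(). */
static jmp_buf die_jmp;

/* Hypothetical dying x-function: returns on success, never on failure. */
static void toy_xfunc(int fail) { if (fail) longjmp(die_jmp, 1); }

/* Hypothetical non-dying counterpart: reports failure to its caller. */
static int toy_func(int fail) { return fail ? -1 : 0; }

/* Number of descriptors currently open in this process. */
static int count_open_fds(void)
{
	int fd, n = 0;
	for (fd = 0; fd < 1024; fd++)
		if (fcntl(fd, F_GETFD) != -1)
			n++;
	return n;
}

/* open+xfunc: if toy_xfunc() dies, close() is never reached. */
static int leaky_applet(int fail)
{
	int fd = open("/dev/null", O_RDONLY);
	if (fd < 0)
		return 1;
	toy_xfunc(fail);
	close(fd);
	return 0;
}

/* Leak-free variant: the failure path also passes through close(). */
static int careful_applet(int fail)
{
	int rc, fd = open("/dev/null", O_RDONLY);
	if (fd < 0)
		return 1;
	rc = toy_func(fail);
	close(fd);
	return rc ? 1 : 0;
}

/* Run an applet in-process, as a NOFORK caller would; return fds leaked. */
static int fds_leaked_by(int (*applet)(int), int fail)
{
	volatile int before = count_open_fds();
	if (setjmp(die_jmp) == 0)
		applet(fail);
	return count_open_fds() - before;
}

int main(void)
{
	printf("open+xfunc, xfunc dies: %d fd leaked\n", fds_leaked_by(leaky_applet, 1));
	printf("careful,    func fails: %d fd leaked\n", fds_leaked_by(careful_applet, 1));
	return 0;
}
```

Each failing run of the leaky variant leaves one more descriptor open in the long-lived caller, which is why such applets are marked "leaks" in the list below instead of NOFORK.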

Why it can't be NOEXEC:
suid: runs under different uid - must fork+exec
if it's important that /proc/PID/cmdline and comm are correct.
    ("pkill sh" killing itself before it kills real "sh" is no fun)

Why it shouldn't be NOFORK/NOEXEC:
rare: not started often enough to bother optimizing (example: poweroff)
daemon: runs indefinitely; these also always fit the "rare" category
longterm: often runs for a long time (many seconds), execing makes
    memory footprint smaller
complex: no immediately obvious reason why NOFORK wouldn't work,
    but does some non-obvious operations (example: fuser, lsof, losetup);
    detailed audit often shows that it's a leaker
hardware: performs unusual hardware ops which may take long,
    or even hang due to hardware or firmware bugs

An interesting example of an "interactive" applet which nevertheless can be
(and is) NOEXEC is "rm". Yes, "rm -i" is interactive - but it's not that typical
for users to keep it waiting for many minutes, whereas running "rm" in shell
is very typical, and speeding up this common use via NOEXEC is useful.
IOW: rm is "interactive", but not "longterm".

An interesting example of an applet which can be NOFORK but, if not,
should not be NOEXEC either, is "usleep". As NOFORK, it amounts to simply
nanosleep()ing in the calling program (usually shell). No memory wasted.
But if run as NOEXEC, it would create a potentially long-term process,
which would take more memory because it did not exec
and did not free much of the copied memory of the parent
(COW helps with this only as long as parent doesn't modify its memory).

[ - NOFORK
[[ - NOFORK
acpid - daemon
add-shell - noexec. leaks: open+xfunc
addgroup - noexec. leaks
adduser - noexec. leaks
adjtimex - NOFORK
ar - runner
arch - NOFORK
arp - talks to network: arp -n queries DNS
arping - longterm
ash - interactive, longterm
awk - noexec. runner
base64 - runner
basename - NOFORK
beep - longterm: beep -r 999999999
blkdiscard - noexec. leaks: open+xioctl
blkid - noexec
blockdev - noexec. leaks fd
bootchartd - daemon
brctl - noexec
bunzip2 - runner
bzcat - runner
bzip2 - runner
cal - runner: cal -n9999
cat - runner: cat HUGEFILE
chat - longterm (when used as intended - talking to modem over stdin/out)
chattr - noexec. runner
chgrp - noexec. runner
chmod - noexec. runner
chown - noexec. runner
chpasswd - longterm? (list of "user:password"s from stdin)
chpst - noexec. spawner
chroot - noexec. spawner
chrt - noexec. spawner
chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
cksum - noexec. runner
clear - NOFORK
cmp - runner
comm - runner
conspy - interactive, longterm
cp - noexec. runner
cpio - runner
crond - daemon
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin
cttyhack - noexec. spawner
cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - longterm (eats stdin if no params)
dd - noexec. runner
deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
delgroup - noexec. leaks
deluser - noexec. leaks
depmod - longterm(ish)
devmem - hardware (access to device memory may hang)
df - noexec. leaks: nested allocs
dhcprelay - daemon
diff - runner
dirname - NOFORK
dmesg - runner
dnsd - daemon
dnsdomainname - noexec. talks to network (may query DNS)
dos2unix - noexec. runner
dpkg - runner
du - runner
dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
dumpleases - noexec. leaks: open+xread
echo - NOFORK
ed - interactive, longterm
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
eject - hardware, leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
env - noexec. spawner, changes state (env)
envdir - noexec. spawner
envuidgid - noexec. spawner
expand - runner
expr - noexec. leaks: nested allocs
factor - longterm (eats stdin if no params)
fakeidentd - daemon
false - NOFORK
fatattr - noexec. leaks: open+xioctl, complex
fbset - hardware, leaks: open+xfunc
fbsplash - runner, longterm
fdflush - hardware, leaks: open+ioctl_or_perror_and_die
fdformat - hardware, longterm
fdisk - interactive, longterm
fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
find - noexec. runner
findfs - suid
flash_eraseall - hardware
flash_lock - hardware
flash_unlock - hardware
flashcp - hardware
flock - spawner, changes state (file locks), let's play safe and not be noexec
fold - noexec. runner
free - noexec. nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm
fsck.minix - needs ^C
fsfreeze - noexec. leaks: open+xioctl
fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
fsync - NOFORK
ftpd - daemon
ftpget - runner
ftpput - runner
fuser - complex
getopt - noexec. leaks: many allocs
getty - interactive, longterm
grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
groups - noexec
gunzip - runner
gzip - runner
halt - rare
hd - noexec. runner
hdparm - hardware
head - noexec. runner
hexdump - noexec. runner
hostid - NOFORK
hostname - noexec. talks to network (hostname -d may query DNS)
httpd - daemon
hush - interactive, longterm
hwclock - hardware (xioctl(RTC_RD_TIME))
i2cdetect - hardware
i2cdump - hardware
i2cget - hardware
i2cset - hardware
id - noexec
ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die
ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die
ifplugd - daemon
inetd - daemon
init - daemon
inotifyd - daemon
insmod - noexec
install - runner
ionice - noexec. spawner
iostat - longterm: "iostat 1" runs indefinitely
ip - noexec candidate
ipaddr - noexec candidate
ipcalc - noexec. ipcalc -h talks to network
ipcrm - noexec
ipcs - noexec
iplink - noexec candidate
ipneigh - noexec candidate
iproute - noexec candidate
iprule - noexec candidate
iptunnel - noexec candidate
kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
kill - NOFORK
killall - NOFORK
killall5 - NOFORK
klogd - daemon
last - runner (I've got 1300 lines of output when I tried it)
less - interactive, longterm
link - NOFORK
linux32 - noexec. spawner
linux64 - noexec. spawner
linuxrc - daemon
ln - noexec
loadfont - noexec. leaks: config_open+bb_error_msg_and_die("map format")
loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
logger - runner
login - suid, interactive, longterm
logname - NOFORK
losetup - noexec. complex
lpd - daemon
lpq - runner
lpr - runner
ls - noexec. runner
lsattr - noexec. runner
lsmod - noexec
lsof - complex
lspci - noexec. too rare to bother for nofork
lsscsi - noexec. too rare to bother for nofork
lsusb - noexec. too rare to bother for nofork
lzcat - runner
lzma - runner
lzop - runner
lzopcat - runner
makedevs - noexec
makemime - runner
man - spawner, interactive, longterm
md5sum - noexec. runner
mdev - daemon
mesg - NOFORK
microcom - interactive, longterm
mkdir - NOFORK
mkdosfs - needs ^C
mke2fs - needs ^C
mkfifo - noexec
mkfs.ext2 - needs ^C
mkfs.minix - needs ^C
mkfs.vfat - needs ^C
mknod - noexec
mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin
mkswap - needs ^C
mktemp - noexec. leaks: xstrdup+concat_path_file
modinfo - noexec
modprobe - noexec
more - interactive, longterm
mount - suid
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - longterm: "mpstat 1" runs indefinitely
mt - hardware
mv - noexec candidate, runner
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
nbd-client - noexec
nc - runner
netstat - longterm with -c (continuous listing)
nice - noexec. spawner
nl - runner
nmeter - longterm
nohup - noexec. spawner
nproc - NOFORK
ntpd - daemon
od - runner
openvt - longterm: spawns a child and waits for it
partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
passwd - suid
paste - noexec. runner
patch - needs ^C
pgrep - must fork+exec to get correct /proc/PID/cmdline and comm field
pidof - must fork+exec to get correct /proc/PID/cmdline and comm field
ping - suid, longterm
ping6 - suid, longterm
pipe_progress - longterm
pivot_root - NOFORK
pkill - must fork+exec to get correct /proc/PID/cmdline and comm field
pmap - noexec candidate, leaks: open+xstrdup
popmaildir - runner
poweroff - rare
powertop - interactive, longterm
printenv - NOFORK
printf - NOFORK
ps - noexec
pscan - talks to network
pstree - noexec
pwd - NOFORK
pwdx - NOFORK
raidautorun - noexec. very simple. leaks: open+xioctl
rdate - talks to network
rdev - noexec. leaks: find_block_device -> readdir+xstrdup
readlink - NOFORK
readprofile - reads /boot/System.map and /proc/profile, better to free more memory by execing?
realpath - NOFORK
reboot - rare
reformime - runner
remove-shell - noexec. leaks: open+xfunc
renice - noexec. nofork candidate(uses getpwnam, is that ok?)
reset - noexec. spawner (execs "stty")
resize - noexec. changes state (signal handlers)
rev - runner
rm - noexec. rm -i interactive
rmdir - NOFORK
rmmod - noexec
route - talks to network (may query DNS to convert IPs to names)
rpm - runner
rpm2cpio - runner
rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
run-parts - longterm
runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
runsv - daemon
runsvdir - daemon
rx - runner
script - longterm: pumps script output from slave pty
scriptreplay - longterm: plays back "script" saved output, sleeping as necessary.
sed - runner
sendmail - runner
seq - noexec. runner
setarch - noexec. spawner
setconsole - noexec
setfont - noexec. leaks a lot of stuff
setkeycodes - noexec
setlogcons - noexec
setpriv - spawner, changes state, let's play safe and not be noexec
setserial - noexec
setsid - spawner, uses fork_or_rexec() [not audited to work in noexec], let's play safe and not be noexec
setuidgid - noexec. spawner
sha1sum - noexec. runner
sha256sum - noexec. runner
sha3sum - noexec. runner
sha512sum - noexec. runner
showkey - interactive, longterm
shred - runner
shuf - noexec. runner
slattach - longterm (may sleep forever), uses bb_common_bufsiz1
sleep - longterm. Could be nofork, if not for the problem of "killall sleep" not killing it.
smemcap - runner
softlimit - noexec. spawner
sort - noexec. runner
split - runner
ssl_client - longterm
start-stop-daemon - not noexec: uses bb_common_bufsiz1
stat - noexec. nofork candidate(needs fewer allocs)
strings - runner
stty - noexec. nofork candidate: has no allocs or opens except xmove_fd(xopen("-F DEVICE"),STDIN). tcsetattr(STDIN) is not a problem: it would work the same across processes sharing this fd
su - suid, spawner
sulogin - noexec. spawner
sum - runner
sv - noexec. needs ^C (uses usleep(420000))
svc - noexec. needs ^C (uses usleep(420000))
svlogd - daemon
swapoff - longterm: may cause memory pressure, execing is beneficial
swapon - rare
switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
sync - NOFORK
sysctl - noexec. leaks: xstrdup+xmalloc_read
syslogd - daemon
tac - noexec. runner
tail - runner
tar - runner
taskset - noexec. spawner
tcpsvd - daemon
tee - runner
telnet - interactive, longterm
telnetd - daemon
test - NOFORK
tftp - runner
tftpd - daemon
time - spawner, longterm, changes state (signals)
timeout - spawner, longterm, changes state (signals)
top - interactive, longterm
touch - NOFORK
tr - runner
traceroute - suid, longterm
traceroute6 - suid, longterm
true - NOFORK
truncate - NOFORK
tty - NOFORK
ttysize - NOFORK
tunctl - noexec
tune2fs - noexec. leaks: open+xfunc
ubiattach - hardware
ubidetach - hardware
ubimkvol - hardware
ubirename - hardware
ubirmvol - hardware
ubirsvol - hardware
ubiupdatevol - hardware
udhcpc - daemon
udhcpd - daemon
udpsvd - daemon
uevent - daemon
umount - noexec. leaks: nested xmalloc
uname - NOFORK
uncompress - runner
unexpand - runner
uniq - runner
unix2dos - noexec. runner
unlink - NOFORK
unlzma - runner
unlzop - runner
unxz - runner
unzip - runner
uptime - noexec. nofork candidate(is getutxent ok?)
users - noexec. nofork candidate(is getutxent ok?)
usleep - NOFORK. But what about "killall usleep"?
uudecode - runner
uuencode - runner
vconfig - noexec. leaks: xsocket+ioctl_or_perror_and_die
vi - interactive, longterm
vlock - suid
volname - hardware (reads CDROM, this can take long-ish if need to spin up)
w - noexec. nofork candidate(is getutxent ok?)
wall - suid
watch - longterm
watchdog - daemon
wc - runner
wget - longterm
which - NOFORK
who - noexec. nofork candidate(is getutxent ok?)
whoami - NOFORK
whois - talks to network
xargs - noexec. spawner
xxd - noexec. runner
xz - runner
xzcat - runner
yes - noexec. runner
zcat - runner
zcip - daemon