modutils: make them NOEXEC except depmod
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
4dc86699b5
commit
3346b4afc5
@ -156,7 +156,7 @@ ifplugd - daemon
|
|||||||
inetd - daemon
|
inetd - daemon
|
||||||
init - daemon
|
init - daemon
|
||||||
inotifyd - daemon
|
inotifyd - daemon
|
||||||
insmod
|
insmod - noexec
|
||||||
install - runner
|
install - runner
|
||||||
ionice - spawner
|
ionice - spawner
|
||||||
iostat - runner
|
iostat - runner
|
||||||
@ -193,7 +193,7 @@ lpq - runner
|
|||||||
lpr - runner
|
lpr - runner
|
||||||
ls - noexec. runner
|
ls - noexec. runner
|
||||||
lsattr
|
lsattr
|
||||||
lsmod
|
lsmod - noexec
|
||||||
lsof - complex
|
lsof - complex
|
||||||
lspci
|
lspci
|
||||||
lsscsi
|
lsscsi
|
||||||
@ -220,8 +220,8 @@ mknod - noexec
|
|||||||
mkpasswd
|
mkpasswd
|
||||||
mkswap
|
mkswap
|
||||||
mktemp
|
mktemp
|
||||||
modinfo
|
modinfo - noexec
|
||||||
modprobe
|
modprobe - noexec
|
||||||
more - interactive
|
more - interactive
|
||||||
mount - suid
|
mount - suid
|
||||||
mountpoint
|
mountpoint
|
||||||
@ -277,7 +277,7 @@ resize - noexec. changes state (signal handlers)
|
|||||||
rev - runner
|
rev - runner
|
||||||
rm - noexec. rm -i interactive
|
rm - noexec. rm -i interactive
|
||||||
rmdir - NOFORK
|
rmdir - NOFORK
|
||||||
rmmod
|
rmmod - noexec
|
||||||
route
|
route
|
||||||
rpm - runner
|
rpm - runner
|
||||||
rpm2cpio - runner
|
rpm2cpio - runner
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
//config: help
|
//config: help
|
||||||
//config: insmod is used to load specified modules in the running kernel.
|
//config: insmod is used to load specified modules in the running kernel.
|
||||||
|
|
||||||
//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET(insmod, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(insmod, insmod, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
|
||||||
|
|
||||||
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
||||||
//kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o
|
//kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
//config: the format of module-init-tools for Linux kernel 2.6.
|
//config: the format of module-init-tools for Linux kernel 2.6.
|
||||||
//config: Increases size somewhat.
|
//config: Increases size somewhat.
|
||||||
|
|
||||||
//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod)))
|
||||||
|
|
||||||
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
||||||
//kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o
|
//kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
//config: help
|
//config: help
|
||||||
//config: Show information about a Linux Kernel module
|
//config: Show information about a Linux Kernel module
|
||||||
|
|
||||||
//applet:IF_MODINFO(APPLET(modinfo, BB_DIR_SBIN, BB_SUID_DROP))
|
//applet:IF_MODINFO(APPLET_NOEXEC(modinfo, modinfo, BB_DIR_SBIN, BB_SUID_DROP, modinfo))
|
||||||
|
|
||||||
//kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o
|
//kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o
|
||||||
|
|
||||||
|
@ -11,12 +11,15 @@
|
|||||||
/* modprobe-small configs are defined in Config.src to ensure better
|
/* modprobe-small configs are defined in Config.src to ensure better
|
||||||
* "make config" order */
|
* "make config" order */
|
||||||
|
|
||||||
//applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod )))
|
||||||
//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET_NOEXEC( modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
|
||||||
// APPLET_ODDNAME:name main location suid_type help
|
// APPLET_ODDNAME:name main location suid_type help
|
||||||
//applet:IF_DEPMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod)))
|
//applet:IF_DEPMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod )))
|
||||||
//applet:IF_INSMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
|
//applet:IF_INSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod )))
|
||||||
//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
|
//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod )))
|
||||||
|
/* noexec speeds up boot with many modules loaded (need SH_STANDALONE=y) */
|
||||||
|
/* I measured about ~5 times faster insmod */
|
||||||
|
/* depmod is not noexec, it runs longer and benefits from memory trimming via exec */
|
||||||
|
|
||||||
//kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o
|
//kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
//config: hardware autodetection scripts to load modules like evdev, frame
|
//config: hardware autodetection scripts to load modules like evdev, frame
|
||||||
//config: buffer drivers etc.
|
//config: buffer drivers etc.
|
||||||
|
|
||||||
//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
|
||||||
|
|
||||||
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
||||||
//kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o
|
//kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
//config: help
|
//config: help
|
||||||
//config: rmmod is used to unload specified modules from the kernel.
|
//config: rmmod is used to unload specified modules from the kernel.
|
||||||
|
|
||||||
//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET(rmmod, BB_DIR_SBIN, BB_SUID_DROP)))
|
//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(rmmod, rmmod, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
|
||||||
|
|
||||||
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
|
||||||
//kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o
|
//kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o
|
||||||
|
Loading…
x
Reference in New Issue
Block a user