From 7b8372b81926ef6aa8d91945a95261bbb93d0b9e Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 7 Aug 2017 00:28:15 +0200 Subject: [PATCH] add/remove-shell,add/deluser,add/delgroup: make them NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 12 ++++++------ loginutils/add-remove-shell.c | 7 ++++--- loginutils/addgroup.c | 2 +- loginutils/adduser.c | 2 +- loginutils/deluser.c | 5 +++-- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 9c8df23ab..ac04f75da 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -36,9 +36,9 @@ IOW: rm is "interactive", but not "longterm". [ - NOFORK [[ - NOFORK acpid - daemon -add-shell -addgroup -adduser +add-shell - noexec. leaks: open+xfunc +addgroup - noexec. leaks +adduser - noexec. leaks adjtimex - NOFORK ar - runner arch - NOFORK @@ -86,8 +86,8 @@ date - noexec. nofork candidate(needs to stop messing up env, free xasprintf res dc - runner (eats stdin if no params) dd - noexec. runner deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds -delgroup -deluser +delgroup - noexec. leaks +deluser - noexec. leaks depmod - complex, rare devmem - runner, complex (access to device memory may hang) df - leaks: nested allocs @@ -282,7 +282,7 @@ readprofile - reads /boot/System.map and /proc/profile, better to free more memo realpath - NOFORK reboot - rare reformime - runner -remove-shell +remove-shell - noexec. leaks: open+xfunc renice - nofork candidate(uses getpwnam, is that ok?) reset - noexec. spawner (execs "stty") resize - noexec. changes state (signal handlers) diff --git a/loginutils/add-remove-shell.c b/loginutils/add-remove-shell.c index 750b44bd6..6d03de254 100644 --- a/loginutils/add-remove-shell.c +++ b/loginutils/add-remove-shell.c @@ -19,9 +19,9 @@ //config: help //config: Remove shells from /etc/shells. -// APPLET_ODDNAME:name main location suid_type help -//applet:IF_ADD_SHELL( APPLET_ODDNAME(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell )) -//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell)) +// APPLET_NOEXEC:name main location suid_type help +//applet:IF_ADD_SHELL( APPLET_NOEXEC(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell )) +//applet:IF_REMOVE_SHELL(APPLET_NOEXEC(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell)) //kbuild:lib-$(CONFIG_ADD_SHELL) += add-remove-shell.o //kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o @@ -64,6 +64,7 @@ int add_remove_shell_main(int argc UNUSED_PARAM, char **argv) if (orig_fp) xfstat(fileno(orig_fp), &sb, orig_fn); + new_fn = xasprintf("%s.tmp", orig_fn); /* * O_TRUNC or O_EXCL? At the first glance, O_EXCL looks better, diff --git a/loginutils/addgroup.c b/loginutils/addgroup.c index b197fc149..30f7e72dc 100644 --- a/loginutils/addgroup.c +++ b/loginutils/addgroup.c @@ -29,7 +29,7 @@ //config: addgroup will add an existing user to an //config: existing group. -//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP)) +//applet:IF_ADDGROUP(APPLET_NOEXEC(addgroup, addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP, addgroup)) //kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o diff --git a/loginutils/adduser.c b/loginutils/adduser.c index ef18278ac..913dbaf83 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c @@ -53,7 +53,7 @@ //config: help //config: Last valid system uid or gid for adduser and addgroup -//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP)) +//applet:IF_ADDUSER(APPLET_NOEXEC(adduser, adduser, BB_DIR_USR_SBIN, BB_SUID_DROP, adduser)) //kbuild:lib-$(CONFIG_ADDUSER) += adduser.o diff --git a/loginutils/deluser.c b/loginutils/deluser.c index 3b6bd952d..f5bc3c28a 100644 --- a/loginutils/deluser.c +++ b/loginutils/deluser.c @@ -28,8 +28,9 @@ //config: If called with two non-option arguments, deluser //config: or delgroup will remove an user from a specified group. -//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP)) -//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup)) +// APPLET_NOEXEC:name main location suid_type help +//applet:IF_DELUSER( APPLET_NOEXEC(deluser, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, deluser)) +//applet:IF_DELGROUP(APPLET_NOEXEC(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup)) //kbuild:lib-$(CONFIG_DELUSER) += deluser.o //kbuild:lib-$(CONFIG_DELGROUP) += deluser.o