From 83d7785e413bbfc4c639c855a6e47f64bdc5da9a Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 4 Aug 2017 17:59:46 +0200 Subject: [PATCH] runlevel: make it NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 38 +++++++++++++++++++------------------- miscutils/runlevel.c | 2 +- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 90c802b2a..d6959e363 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -66,21 +66,21 @@ chgrp - noexec. runner chmod - noexec. runner chown - noexec. runner chpasswd - runner (list of "user:password"s from stdin) -chpst - spawner -chroot - spawner -chrt - spawner +chpst - noexec candidate, spawner +chroot - noexec candidate, spawner +chrt - noexec candidate, spawner chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. cksum - noexec. runner clear - NOFORK cmp - runner comm - runner -conspy - interactive +conspy - interactive, longterm cp - noexec. runner cpio - runner crond - daemon crontab cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. -cttyhack - spawner +cttyhack - noexec candidate, spawner cut - noexec. runner date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) dc - runner (eats stdin if no params) @@ -90,7 +90,7 @@ delgroup deluser depmod - complex, rare devmem - runner, complex (access to device memory may hang) -df - complex (nested allocs) +df - leaks: nested allocs dhcprelay - daemon diff - runner dirname - NOFORK @@ -106,15 +106,15 @@ echo - NOFORK ed - interactive, longterm egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds) -env - noexec. changes state (env) -envdir - spawner -envuidgid - spawner +env - noexec. spawner, changes state (env) +envdir - noexec candidate, spawner +envuidgid - noexec candidate, spawner expand - runner -expr - complex (nested allocs) +expr - leaks: nested allocs factor - runner (eats stdin if no params) fakeidentd - daemon false - NOFORK -fatattr - complex (xopen+xioctl can leak fd) +fatattr - leaks: open+xioctl, complex fbset - leaks: open+xfunc, complex, rare fbsplash - runner, longterm fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare @@ -134,14 +134,14 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd) freeramdisk - leaks: open+ioctl_or_perror_and_die fsck - interactive, longterm fsck.minix -fsfreeze -fstrim +fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl +fstrim - noexec candidate (it's very simple), leaks: open+xioctl fsync - NOFORK ftpd - daemon ftpget - runner ftpput - runner fuser - complex -getopt - noexec. complex (many allocs) +getopt - noexec. leaks: many allocs getty - interactive, longterm grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory) groups - noexec @@ -156,7 +156,7 @@ hostid - NOFORK hostname - DNS resolution may trigger, need ^C httpd - daemon hush - interactive, longterm -hwclock +hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C i2cdetect i2cdump i2cget @@ -293,9 +293,9 @@ rmmod - noexec route rpm - runner rpm2cpio - runner -rtcwake - complex, rare +rtcwake - puts system to sleep, optimizing this for speed is pointless run-parts -runlevel +runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother? runsv - daemon runsvdir - daemon rx - runner @@ -400,10 +400,10 @@ vlock - suid volname - runner w wall - suid -watch - runner +watch - longterm watchdog - daemon wc - runner -wget - runner +wget - longterm which - NOFORK who whoami - NOFORK diff --git a/miscutils/runlevel.c b/miscutils/runlevel.c index 6b4742255..0b2098564 100644 --- a/miscutils/runlevel.c +++ b/miscutils/runlevel.c @@ -21,7 +21,7 @@ //config: This applet uses utmp but does not rely on busybox supporing //config: utmp on purpose. It is used by e.g. emdebian via /etc/init.d/rc. -//applet:IF_RUNLEVEL(APPLET(runlevel, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_RUNLEVEL(APPLET_NOEXEC(runlevel, runlevel, BB_DIR_SBIN, BB_SUID_DROP, runlevel)) //kbuild:lib-$(CONFIG_RUNLEVEL) += runlevel.o