mv: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
cbdc37cae0
commit
88663e481f
@ -89,7 +89,7 @@ clear - NOFORK
|
|||||||
cmp - runner
|
cmp - runner
|
||||||
comm - runner
|
comm - runner
|
||||||
conspy - interactive, longterm
|
conspy - interactive, longterm
|
||||||
cp - noexec. runner
|
cp - noexec. sometimes runner
|
||||||
cpio - runner
|
cpio - runner
|
||||||
crond - daemon
|
crond - daemon
|
||||||
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
|
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
|
||||||
@ -255,7 +255,7 @@ mount - suid
|
|||||||
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
|
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
|
||||||
mpstat - longterm: "mpstat 1" runs indefinitely
|
mpstat - longterm: "mpstat 1" runs indefinitely
|
||||||
mt - hardware
|
mt - hardware
|
||||||
mv - noexec candidate, runner
|
mv - noexec. sometimes runner
|
||||||
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
|
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
|
||||||
nbd-client - noexec
|
nbd-client - noexec
|
||||||
nc - runner
|
nc - runner
|
||||||
|
@ -26,6 +26,7 @@
|
|||||||
//config: Also add support for --parents option.
|
//config: Also add support for --parents option.
|
||||||
|
|
||||||
//applet:IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
|
//applet:IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
|
||||||
|
/* NOEXEC despite cases when it can be a "runner" (cp -r LARGE_DIR NEW_DIR) */
|
||||||
|
|
||||||
//kbuild:lib-$(CONFIG_CP) += cp.o
|
//kbuild:lib-$(CONFIG_CP) += cp.o
|
||||||
|
|
||||||
|
@ -17,7 +17,8 @@
|
|||||||
//config: help
|
//config: help
|
||||||
//config: mv is used to move or rename files or directories.
|
//config: mv is used to move or rename files or directories.
|
||||||
|
|
||||||
//applet:IF_MV(APPLET(mv, BB_DIR_BIN, BB_SUID_DROP))
|
//applet:IF_MV(APPLET_NOEXEC(mv, mv, BB_DIR_BIN, BB_SUID_DROP, mv))
|
||||||
|
/* NOEXEC despite cases when it can be a "runner" (mv LARGE_DIR OTHER_FS) */
|
||||||
|
|
||||||
//kbuild:lib-$(CONFIG_MV) += mv.o
|
//kbuild:lib-$(CONFIG_MV) += mv.o
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user