blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:29:12 +02:00 · 2017-08-05 01:29:12 +02:00 · 9f59849daa
commit 9f59849daa
parent b182e9ad60
5 changed files with 8 additions and 8 deletions
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@ -51,7 +51,7 @@ basename - NOFORK
 beep
 blkdiscard
 blkid
-blockdev - noexec candidate (rather simple), leaks fd
+blockdev - noexec. leaks fd
 bootchartd - daemon
 brctl
 bunzip2 - runner
@ -134,8 +134,8 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
 freeramdisk - leaks: open+ioctl_or_perror_and_die
 fsck - interactive, longterm
 fsck.minix - needs ^C
-fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
+fsfreeze - noexec. leaks: open+xioctl
-fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup
+fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
 fsync - NOFORK
 ftpd - daemon
 ftpget - runner
@ -236,7 +236,7 @@ modinfo - noexec
 modprobe - noexec
 more - interactive, longterm
 mount - suid
-mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
+mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
 mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex
 mt - rare
 mv - noexec candidate, runner
--- a/util-linux/blockdev.c
+++ b/util-linux/blockdev.c
@ -11,7 +11,7 @@
 //config:	help
 //config:	Performs some ioctls with block devices.
-//applet:IF_BLOCKDEV(APPLET(blockdev, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_BLOCKDEV(APPLET_NOEXEC(blockdev, blockdev, BB_DIR_SBIN, BB_SUID_DROP, blockdev))
 //kbuild:lib-$(CONFIG_BLOCKDEV) += blockdev.o
--- a/util-linux/fsfreeze.c
+++ b/util-linux/fsfreeze.c
@ -13,7 +13,7 @@
 //config:	help
 //config:	Halt new accesses and flush writes on a mounted filesystem.
-//applet:IF_FSFREEZE(APPLET(fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_FSFREEZE(APPLET_NOEXEC(fsfreeze, fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP, fsfreeze))
 //kbuild:lib-$(CONFIG_FSFREEZE) += fsfreeze.o
--- a/util-linux/fstrim.c
+++ b/util-linux/fstrim.c
@ -15,7 +15,7 @@
 //config:	help
 //config:	Discard unused blocks on a mounted filesystem.
-//applet:IF_FSTRIM(APPLET(fstrim, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_FSTRIM(APPLET_NOEXEC(fstrim, fstrim, BB_DIR_SBIN, BB_SUID_DROP, fstrim))
 //kbuild:lib-$(CONFIG_FSTRIM) += fstrim.o
--- a/util-linux/mountpoint.c
+++ b/util-linux/mountpoint.c
@ -14,7 +14,7 @@
 //config:	help
 //config:	mountpoint checks if the directory is a mountpoint.
-//applet:IF_MOUNTPOINT(APPLET(mountpoint, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_MOUNTPOINT(APPLET_NOEXEC(mountpoint, mountpoint, BB_DIR_BIN, BB_SUID_DROP, mountpoint))
 //kbuild:lib-$(CONFIG_MOUNTPOINT) += mountpoint.o