busybox/NOFORK_NOEXEC.lst
Denys Vlasenko 3346b4afc5 modutils: make them NOEXEC except depmod
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 02:56:39 +02:00

407 lines
7.4 KiB
Plaintext

Why an applet can't be NOFORK or NOEXEC?
Why can't be NOFORK:
interactive: may wait for user input, ^C has to work
spawner: "tool PROG ARGS" which changes program's environment - must fork
changes state: e.g. environment, signal handlers
runner: sometimes may run for long(ish) time, and/or works with network:
^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
"runners" can become eligible after hush is taught ^C to interrupt NOFORKs!
Why can't be NOEXEC:
suid: runs under different uid - must fork+exec
Why shouldn't be NOFORK/NOEXEC:
complex: no immediately obvious reason why NOFORK wouldn't work,
but does some non-obvoius operations (example: fuser, lsof, losetup);
nested xmallocs (typical in complex code) is a problem for NOFORK
rare: not used often enough to bother optimizing (example: poweroff)
longterm: often runs for a long time (many seconds), execing would make
memory footprint smaller
daemon: runs indefinitely
[ - NOFORK
[[ - NOFORK
acpid - daemon
add-shell
addgroup
adduser
adjtimex
ar - runner
arch - NOFORK
arp
arping - runner
ash - interactive
awk - noexec. runner
base64 - runner
basename - NOFORK
beep
blkdiscard
blkid
blockdev
bootchartd - daemon
brctl
bunzip2 - runner
busybox
bzcat - runner
bzip2 - runner
cal - runner: cal -n9999
cat - runner
chat
chattr - runner
chgrp - noexec. runner
chmod - noexec. runner
chown - noexec. runner
chpasswd - runner (list of "user:password"s from stdin)
chpst - spawner
chroot - spawner
chrt - spawner
chvt
cksum - noexec. runner
clear - NOFORK
cmp - runner
comm - runner
conspy - interactive
cp - noexec. runner
cpio - runner
crond - daemon
crontab
cryptpw
cttyhack - spawner
cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params)
dd - noexec. runner
deallocvt
delgroup
deluser
depmod
devmem - runner, complex (access to device memory may hang)
df - complex (nested allocs)
dhcprelay - daemon
diff - runner
dirname - NOFORK
dmesg - runner
dnsd - daemon
dnsdomainname - DNS resolution may trigger, need ^C
dos2unix - noexec. runner
dpkg - runner
du - runner
dumpkmap
dumpleases
echo - NOFORK
ed - interactive
egrep - runner
eject
env - noexec. changes state (env)
envdir - spawner
envuidgid - spawner
expand - runner
expr - complex (nested allocs)
factor - runner (eats stdin if no params)
fakeidentd - daemon
false - NOFORK
fatattr - complex (xopen+xioctl can leak fd)
fbset
fbsplash - runner, interactive
fdflush
fdformat - runner
fdisk - interactive
fgconsole
fgrep - runner
find - noexec. runner
findfs - suid
flash_eraseall
flash_lock
flash_unlock
flashcp
flock
fold - noexec. runner
free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk
fsck - interactive
fsck.minix
fsfreeze
fstrim
fsync - NOFORK
ftpd - daemon
ftpget - runner
ftpput - runner
fuser - complex
getopt - noexec. complex (many allocs)
getty - interactive
grep - runner
groups - noexec
gunzip - runner
gzip - runner
halt - rare
hd - noexec. runner
hdparm - complex, rare
head - noexec. runner
hexdump - noexec. runner
hostid - NOFORK
hostname - DNS resolution may trigger, need ^C
httpd - daemon
hush - interactive
hwclock
i2cdetect
i2cdump
i2cget
i2cset
id - noexec
ifconfig
ifenslave
ifplugd - daemon
inetd - daemon
init - daemon
inotifyd - daemon
insmod - noexec
install - runner
ionice - spawner
iostat - runner
ip - noexec candidate
ipaddr - noexec candidate
ipcalc - noexec candidate
ipcrm - noexec candidate
ipcs - noexec candidate
iplink - noexec candidate
ipneigh - noexec candidate
iproute - noexec candidate
iprule - noexec candidate
iptunnel - noexec candidate
kbd_mode
kill - NOFORK
killall - NOFORK
killall5 - NOFORK
klogd - daemon
last - runner (I've got 1300 lines of output when tried it)
less - interactive
link - NOFORK
linux32 - spawner
linux64 - spawner
linuxrc - daemon
ln - noexec
loadfont
loadkmap
logger - runner
login - suid, interactive
logname - NOFORK
losetup - complex
lpd - daemon
lpq - runner
lpr - runner
ls - noexec. runner
lsattr
lsmod - noexec
lsof - complex
lspci
lsscsi
lsusb
lzcat - runner
lzma - runner
lzop - runner
lzopcat - runner
makedevs
makemime - runner
man - spawner, interactive
md5sum - noexec. runner
mdev - daemon
mesg
microcom - interactive, complex
mkdir - NOFORK
mkdosfs
mke2fs
mkfifo - noexec
mkfs.ext2
mkfs.minix
mkfs.vfat
mknod - noexec
mkpasswd
mkswap
mktemp
modinfo - noexec
modprobe - noexec
more - interactive
mount - suid
mountpoint
mpstat
mt
mv - runner (can be noexec?)
nameif
nbd-client
nc - runner
netstat - runner with -c
nice - spawner
nl - runner
nmeter - runner
nohup - spawner
nproc - NOFORK
ntpd - daemon
od - runner
openvt - spawner
partprobe
passwd - suid
paste - noexec. runner
patch
pgrep - nofork candidate(xregcomp, procps_scan - are they ok?)
pidof - nofork candidate(uses find_pid_by_name, is that ok?)
ping - suid, runner
ping6 - suid, runner
pipe_progress
pivot_root
pkill - nofork candidate(xregcomp, procps_scan - are they ok?)
pmap
popmaildir - runner
poweroff - rare
powertop - interactive, longterm
printenv - NOFORK
printf - NOFORK
ps - noexec candidate
pscan - longterm
pstree
pwd - NOFORK
pwdx - NOFORK
raidautorun
rdate
rdev
readlink - NOFORK
readprofile
realpath - NOFORK
reboot - rare
reformime - runner
remove-shell
renice - nofork candidate(uses getpwnam, is that ok?)
reset - spawner (execs "stty")
resize - noexec. changes state (signal handlers)
rev - runner
rm - noexec. rm -i interactive
rmdir - NOFORK
rmmod - noexec
route
rpm - runner
rpm2cpio - runner
rtcwake - complex, rare
run-parts
runlevel
runsv - daemon
runsvdir - daemon
rx - runner
script
scriptreplay
sed - runner
sendmail - runner
seq - noexec. runner
setarch - spawner
setconsole
setfont
setkeycodes
setlogcons
setpriv - spawner
setserial
setsid - spawner
setuidgid
sh - interactive
sha1sum - noexec. runner
sha256sum - noexec. runner
sha3sum - noexec. runner
sha512sum - noexec. runner
showkey - interactive
shred - runner
shuf - noexec. runner
slattach
sleep - runner
smemcap - runner
softlimit - spawner
sort - noexec. runner
split - runner
ssl_client - network
start-stop-daemon
stat - nofork candidate(needs fewer allocs)
strings - runner
stty
su - suid, spawner
sulogin - spawner
sum - runner
sv
svc
svlogd - daemon
swapoff - rare
swapon - rare
switch_root - spawner, rare, changes state
sync - NOFORK
sysctl
syslogd - daemon
tac - noexec. runner
tail - runner
tar - runner
taskset - spawner
tcpsvd - daemon
tee - runner
telnet - interactive
telnetd - daemon
test - NOFORK
tftp - runner
tftpd - daemon
time - spawner, changes state (signals)
timeout - spawner, changes state (signals)
top - interactive, longterm
touch - NOFORK
tr - runner
traceroute - suid, runner
traceroute6 - suid, runner
true - NOFORK
truncate - NOFORK
tty - NOFORK
ttysize - NOFORK
tunctl
tune2fs
ubiattach
ubidetach
ubimkvol
ubirename
ubirmvol
ubirsvol
ubiupdatevol
udhcpc - daemon
udhcpd - daemon
udpsvd - daemon
uevent - daemon
umount
uname - NOFORK
uncompress - runner
unexpand - runner
uniq - runner
unix2dos - noexec. runner
unlink - NOFORK
unlzma - runner
unlzop - runner
unxz - runner
unzip - runner
uptime - nofork candidate(is getutxent ok?)
users - nofork candidate(is getutxent ok?)
usleep - NOFORK
uudecode - runner
uuencode - runner
vconfig
vi - interactive
vlock - suid
volname - runner
w
wall - suid
watch - runner
watchdog - daemon
wc - runner
wget - runner
which - NOFORK
who
whoami - NOFORK
whois
xargs - noexec. spawner
xxd - noexec. runner
xz - runner
xzcat - runner
yes - noexec. runner
zcat - runner
zcip - daemon