projects
/
oweals
/
busybox.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
ntpd: default to FEATURE_NTP_AUTH=y
[oweals/busybox.git]
/
NOFORK_NOEXEC.lst
diff --git
a/NOFORK_NOEXEC.lst
b/NOFORK_NOEXEC.lst
index fd5b35838d8281a2788e810f78e8736d47e72358..055f9fb24804ce95f9a519fadd60b6591c7428cf 100644
(file)
--- a/
NOFORK_NOEXEC.lst
+++ b/
NOFORK_NOEXEC.lst
@@
-72,7
+72,7
@@
brctl - noexec
bunzip2 - runner
bzcat - runner
bzip2 - runner
bunzip2 - runner
bzcat - runner
bzip2 - runner
-cal - runner: cal -n9999
+cal -
noexec. can be
runner: cal -n9999
cat - runner: cat HUGEFILE
chat - longterm (when used as intended - talking to modem over stdin/out)
chattr - noexec. runner
cat - runner: cat HUGEFILE
chat - longterm (when used as intended - talking to modem over stdin/out)
chattr - noexec. runner
@@
-89,7
+89,7
@@
clear - NOFORK
cmp - runner
comm - runner
conspy - interactive, longterm
cmp - runner
comm - runner
conspy - interactive, longterm
-cp - noexec. runner
+cp - noexec.
sometimes
runner
cpio - runner
crond - daemon
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
cpio - runner
crond - daemon
crontab - longterm (runs $EDITOR), leaks: open+xasprintf
@@
-144,7
+144,7
@@
flash_unlock - hardware
flashcp - hardware
flock - spawner, changes state (file locks), let's play safe and not be noexec
fold - noexec. runner
flashcp - hardware
flock - spawner, changes state (file locks), let's play safe and not be noexec
fold - noexec. runner
-free -
noexec. nofork candidate(struct globals, needs to close /proc/meminfo fd)
+free -
NOFORK
freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm
fsck.minix - needs ^C
freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm
fsck.minix - needs ^C
@@
-166,6
+166,7
@@
hd - noexec. runner
hdparm - hardware
head - noexec. runner
hexdump - noexec. runner
hdparm - hardware
head - noexec. runner
hexdump - noexec. runner
+hexedit - interactive, longterm
hostid - NOFORK
hostname - noexec. talks to network (hostname -d may query DNS)
httpd - daemon
hostid - NOFORK
hostname - noexec. talks to network (hostname -d may query DNS)
httpd - daemon
@@
-186,16
+187,16
@@
insmod - noexec
install - runner
ionice - noexec. spawner
iostat - longterm: "iostat 1" runs indefinitely
install - runner
ionice - noexec. spawner
iostat - longterm: "iostat 1" runs indefinitely
-ip - noexec
candidate
-ipaddr - noexec
candidate
+ip - noexec
+ipaddr - noexec
ipcalc - noexec. ipcalc -h talks to network
ipcrm - noexec
ipcs - noexec
ipcalc - noexec. ipcalc -h talks to network
ipcrm - noexec
ipcs - noexec
-iplink - noexec
candidate
-ipneigh - noexec
candidate
-iproute - noexec
candidate
-iprule - noexec
candidate
-iptunnel - noexec
candidate
+iplink - noexec
+ipneigh - noexec
+iproute - noexec
+iprule - noexec
+iptunnel - noexec
kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
kill - NOFORK
killall - NOFORK
kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
kill - NOFORK
killall - NOFORK
@@
-235,6
+236,7
@@
md5sum - noexec. runner
mdev - daemon
mesg - NOFORK
microcom - interactive, longterm
mdev - daemon
mesg - NOFORK
microcom - interactive, longterm
+minips - noexec
mkdir - NOFORK
mkdosfs - needs ^C
mke2fs - needs ^C
mkdir - NOFORK
mkdosfs - needs ^C
mke2fs - needs ^C
@@
-253,7
+255,7
@@
mount - suid
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - longterm: "mpstat 1" runs indefinitely
mt - hardware
mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - longterm: "mpstat 1" runs indefinitely
mt - hardware
-mv - noexec
candidate,
runner
+mv - noexec
. sometimes
runner
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
nbd-client - noexec
nc - runner
nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
nbd-client - noexec
nc - runner
@@
-264,6
+266,7
@@
nmeter - longterm
nohup - noexec. spawner
nproc - NOFORK
ntpd - daemon
nohup - noexec. spawner
nproc - NOFORK
ntpd - daemon
+nuke - noexec
od - runner
openvt - longterm: spawns a child and waits for it
partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
od - runner
openvt - longterm: spawns a child and waits for it
partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
@@
-283,8
+286,8
@@
poweroff - rare
powertop - interactive, longterm
printenv - NOFORK
printf - NOFORK
powertop - interactive, longterm
printenv - NOFORK
printf - NOFORK
-ps -
looks for AT_CLKTCK elf aux vector, therefore can't be
noexec
-pscan -
longterm
+ps - noexec
+pscan -
talks to network
pstree - noexec
pwd - NOFORK
pwdx - NOFORK
pstree - noexec
pwd - NOFORK
pwdx - NOFORK
@@
-300,6
+303,7
@@
remove-shell - noexec. leaks: open+xfunc
renice - noexec. nofork candidate(uses getpwnam, is that ok?)
reset - noexec. spawner (execs "stty")
resize - noexec. changes state (signal handlers)
renice - noexec. nofork candidate(uses getpwnam, is that ok?)
reset - noexec. spawner (execs "stty")
resize - noexec. changes state (signal handlers)
+resume - noexec
rev - runner
rm - noexec. rm -i interactive
rmdir - NOFORK
rev - runner
rm - noexec. rm -i interactive
rmdir - NOFORK
@@
-308,6
+312,7
@@
route - talks to network (may query DNS to convert IPs to names)
rpm - runner
rpm2cpio - runner
rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
rpm - runner
rpm2cpio - runner
rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
+run-init - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
run-parts - longterm
runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
runsv - daemon
run-parts - longterm
runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
runsv - daemon
@@
-320,6
+325,7
@@
sendmail - runner
seq - noexec. runner
setarch - noexec. spawner
setconsole - noexec
seq - noexec. runner
setarch - noexec. spawner
setconsole - noexec
+setfattr - noexec
setfont - noexec. leaks a lot of stuff
setkeycodes - noexec
setlogcons - noexec
setfont - noexec. leaks a lot of stuff
setkeycodes - noexec
setlogcons - noexec