X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=NOFORK_NOEXEC.lst;h=055f9fb24804ce95f9a519fadd60b6591c7428cf;hb=63d053d8c3e991d86cbacccb9ba6ff03aedee5cd;hp=e787a346d04c231256e3c7bec2a00a18cdf501b3;hpb=c3e60e1e9a66b45794e04e9a0a39d1c012780930;p=oweals%2Fbusybox.git

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index e787a346d..055f9fb24 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -72,7 +72,7 @@ brctl - noexec
 bunzip2 - runner
 bzcat - runner
 bzip2 - runner
-cal - runner: cal -n9999
+cal - noexec. can be runner: cal -n9999
 cat - runner: cat HUGEFILE
 chat - longterm (when used as intended - talking to modem over stdin/out)
 chattr - noexec. runner
@@ -89,7 +89,7 @@ clear - NOFORK
 cmp - runner
 comm - runner
 conspy - interactive, longterm
-cp - noexec. runner
+cp - noexec. sometimes runner
 cpio - runner
 crond - daemon
 crontab - longterm (runs $EDITOR), leaks: open+xasprintf
@@ -144,7 +144,7 @@ flash_unlock - hardware
 flashcp - hardware
 flock - spawner, changes state (file locks), let's play safe and not be noexec
 fold - noexec. runner
-free - noexec. nofork candidate(struct globals, needs to close /proc/meminfo fd)
+free - NOFORK
 freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
 fsck - interactive, longterm
 fsck.minix - needs ^C
@@ -187,16 +187,16 @@ insmod - noexec
 install - runner
 ionice - noexec. spawner
 iostat - longterm: "iostat 1" runs indefinitely
-ip - noexec candidate
-ipaddr - noexec candidate
+ip - noexec
+ipaddr - noexec
 ipcalc - noexec. ipcalc -h talks to network
 ipcrm - noexec
 ipcs - noexec
-iplink - noexec candidate
-ipneigh - noexec candidate
-iproute - noexec candidate
-iprule - noexec candidate
-iptunnel - noexec candidate
+iplink - noexec
+ipneigh - noexec
+iproute - noexec
+iprule - noexec
+iptunnel - noexec
 kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
 kill - NOFORK
 killall - NOFORK
@@ -255,7 +255,7 @@ mount - suid
 mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
 mpstat - longterm: "mpstat 1" runs indefinitely
 mt - hardware
-mv - noexec candidate, runner
+mv - noexec. sometimes runner
 nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
 nbd-client - noexec
 nc - runner