Why shouldn't be NOFORK/NOEXEC:
rare: not started often enough to bother optimizing (example: poweroff)
daemon: runs indefinitely; these are also always fit "rare" category
-longterm: often runs for a long time (many seconds), execing would make
+longterm: often runs for a long time (many seconds), execing makes
memory footprint smaller
complex: no immediately obvious reason why NOFORK wouldn't work,
but does some non-obvoius operations (example: fuser, lsof, losetup);
chmod - noexec. runner
chown - noexec. runner
chpasswd - runner (list of "user:password"s from stdin)
-chpst - noexec candidate, spawner
-chroot - noexec candidate, spawner
-chrt - noexec candidate, spawner
+chpst - noexec. spawner
+chroot - noexec. spawner
+chrt - noexec. spawner
chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
cksum - noexec. runner
clear - NOFORK
crond - daemon
crontab 0 leaks: open+xasprintf
cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate.
-cttyhack - noexec candidate, spawner
+cttyhack - noexec. spawner
cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params)
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
env - noexec. spawner, changes state (env)
-envdir - noexec candidate, spawner
-envuidgid - noexec candidate, spawner
+envdir - noexec. spawner
+envuidgid - noexec. spawner
expand - runner
expr - leaks: nested allocs
factor - runner (eats stdin if no params)
flash_lock
flash_unlock
flashcp
-flock - spawner, changes state (file locks)
+flock - spawner, changes state (file locks), let's play safe and not be noexec
fold - noexec. runner
free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - leaks: open+ioctl_or_perror_and_die
inotifyd - daemon
insmod - noexec
install - runner
-ionice - spawner
+ionice - noexec. spawner
iostat - runner
ip - noexec candidate
ipaddr - noexec candidate
last - runner (I've got 1300 lines of output when tried it)
less - interactive, longterm
link - NOFORK
-linux32 - spawner
-linux64 - spawner
+linux32 - noexec. spawner
+linux64 - noexec. spawner
linuxrc - daemon
ln - noexec
loadfont - leaks: config_open+bb_error_msg_and_die("map format")
nice - noexec candidate, spawner
nl - runner
nmeter - longterm
-nohup - noexec candidate (maybe free concat_path_file result?), spawner
+nohup - noexec. spawner
nproc - NOFORK
ntpd - daemon
od - runner
-openvt - spawner
+openvt - longterm: spawns a child and waits for it
partprobe - noexec candidate (simple), leaks: open+ioctl_or_perror_and_die(BLKRRPART)
passwd - suid
paste - noexec. runner
sed - runner
sendmail - runner
seq - noexec. runner
-setarch - spawner
+setarch - noexec. spawner
setconsole
setfont
setkeycodes
setlogcons
-setpriv - spawner
+setpriv - spawner, changes state, let's play safe and not be noexec
setserial
-setsid - spawner
-setuidgid
+setsid - spawner, uses fork_or_rexec() [not audted to work in noexec], let's play safe and not be noexec
+setuidgid - noexec. spawner
sha1sum - noexec. runner
sha256sum - noexec. runner
sha3sum - noexec. runner
slattach
sleep - runner, longterm
smemcap - runner
-softlimit - noexec candidate, spawner
+softlimit - noexec. spawner
sort - noexec. runner
split - runner
ssl_client - longterm
strings - runner
stty - noexec/nofork candidate. has no allocs or opens except xmove_fd(xopen("-F DEVICE"),STDIN). tcsetattr(STDIN) is not a problem: it would work the same across processes sharing this fd
su - suid, spawner
-sulogin - spawner
+sulogin - noexec. spawner
sum - runner
sv - noexec candidate, needs ^C (uses usleep(420000))
svc - noexec candidate, needs ^C (uses usleep(420000))
svlogd - daemon
swapoff - rare
swapon - rare
-switch_root - spawner, rare, changes state
+switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
sync - NOFORK
sysctl - noexec candidate, leaks: xstrdup+xmalloc_read
syslogd - daemon
tac - noexec. runner
tail - runner
tar - runner
-taskset - spawner
+taskset - noexec. spawner
tcpsvd - daemon
tee - runner
telnet - interactive, longterm
test - NOFORK
tftp - runner
tftpd - daemon
-time - spawner, changes state (signals)
-timeout - spawner, changes state (signals)
+time - spawner, longterm, changes state (signals)
+timeout - spawner, longterm, changes state (signals)
top - interactive, longterm
touch - NOFORK
tr - runner
//config: This program is used to reset the terminal screen, if it
//config: gets messed up.
-//applet:IF_RESET(APPLET(reset, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_RESET(APPLET_NOEXEC(reset, reset, BB_DIR_USR_BIN, BB_SUID_DROP, reset))
//kbuild:lib-$(CONFIG_RESET) += reset.o
//config: chroot is used to change the root directory and run a command.
//config: The default command is '/bin/sh'.
-//applet:IF_CHROOT(APPLET(chroot, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_CHROOT(APPLET_NOEXEC(chroot, chroot, BB_DIR_USR_SBIN, BB_SUID_DROP, chroot))
//kbuild:lib-$(CONFIG_CHROOT) += chroot.o
++argv;
if (!*argv)
bb_show_usage();
+
xchroot(*argv);
++argv;
//config: help
//config: nice runs a program with modified scheduling priority.
-//applet:IF_NICE(APPLET(nice, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_NICE(APPLET_NOEXEC(nice, nice, BB_DIR_BIN, BB_SUID_DROP, nice))
//kbuild:lib-$(CONFIG_NICE) += nice.o
//config: help
//config: run a command immune to hangups, with output to a non-tty.
-//applet:IF_NOHUP(APPLET(nohup, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_NOHUP(APPLET_NOEXEC(nohup, nohup, BB_DIR_USR_BIN, BB_SUID_DROP, nohup))
//kbuild:lib-$(CONFIG_NOHUP) += nohup.o
//config: sulogin is invoked when the system goes into single user
//config: mode (this is done through an entry in inittab).
-//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_SULOGIN(APPLET_NOEXEC(sulogin, sulogin, BB_DIR_SBIN, BB_SUID_DROP, sulogin))
//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o
/* Note: sulogin is not a suid app. It is meant to be run by init
* for single user / emergency mode. init starts it as root.
- * Normal users (potentially malisious ones) can only run it under
+ * Normal users (potentially malicious ones) can only run it under
* their UID, therefore no paranoia here is warranted:
* $LD_LIBRARY_PATH in env, TTY = /dev/sda
* are no more dangerous here than in e.g. cp applet.
//config: help
//config: Sets soft resource limits as specified by options
-//applet:IF_CHPST(APPLET(chpst, BB_DIR_USR_BIN, BB_SUID_DROP))
-// APPLET_ODDNAME:name main location suid_type help
-//applet:IF_ENVDIR( APPLET_ODDNAME(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
-//applet:IF_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
-//applet:IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
-//applet:IF_SOFTLIMIT(APPLET_ODDNAME(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
+//applet:IF_CHPST( APPLET_NOEXEC(chpst, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, chpst))
+// APPLET_NOEXEC:name main location suid_type help
+//applet:IF_ENVDIR( APPLET_NOEXEC(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
+//applet:IF_ENVUIDGID(APPLET_NOEXEC(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
+//applet:IF_SETUIDGID(APPLET_NOEXEC(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
+//applet:IF_SOFTLIMIT(APPLET_NOEXEC(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
//kbuild:lib-$(CONFIG_CHPST) += chpst.o
//kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
*/
#include "libbb.h"
-//applet:IF_CTTYHACK(APPLET(cttyhack, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_CTTYHACK(APPLET_NOEXEC(cttyhack, cttyhack, BB_DIR_BIN, BB_SUID_DROP, cttyhack))
//kbuild:lib-$(CONFIG_CTTYHACK) += cttyhack.o
//config: manipulate real-time attributes of a process.
//config: This requires sched_{g,s}etparam support in your libc.
-//applet:IF_CHRT(APPLET(chrt, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CHRT(APPLET_NOEXEC(chrt, chrt, BB_DIR_USR_BIN, BB_SUID_DROP, chrt))
//kbuild:lib-$(CONFIG_CHRT) += chrt.o
//config: Set/set program io scheduling class and priority
//config: Requires kernel >= 2.6.13
-//applet:IF_IONICE(APPLET(ionice, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_IONICE(APPLET_NOEXEC(ionice, ionice, BB_DIR_BIN, BB_SUID_DROP, ionice))
//kbuild:lib-$(CONFIG_IONICE) += ionice.o
//config: help
//config: Alias to "setarch linux64".
-//applet:IF_SETARCH(APPLET(setarch, BB_DIR_BIN, BB_SUID_DROP))
-// APPLET_ODDNAME:name main location suid_type help
-//applet:IF_LINUX32(APPLET_ODDNAME(linux32, setarch, BB_DIR_BIN, BB_SUID_DROP, linux32))
-//applet:IF_LINUX64(APPLET_ODDNAME(linux64, setarch, BB_DIR_BIN, BB_SUID_DROP, linux64))
+//applet:IF_SETARCH(APPLET_NOEXEC(setarch, setarch, BB_DIR_BIN, BB_SUID_DROP, setarch))
+// APPLET_NOEXEC:name main location suid_type help
+//applet:IF_LINUX32(APPLET_NOEXEC(linux32, setarch, BB_DIR_BIN, BB_SUID_DROP, linux32))
+//applet:IF_LINUX64(APPLET_NOEXEC(linux64, setarch, BB_DIR_BIN, BB_SUID_DROP, linux64))
//kbuild:lib-$(CONFIG_SETARCH) += setarch.o
//kbuild:lib-$(CONFIG_LINUX32) += setarch.o
//config: affinity parameter 0xHHHHHHHHHHHHHHHHHHHH can be arbitrarily long
//config: in this case. Otherwise, it is limited to sizeof(long).
-//applet:IF_TASKSET(APPLET(taskset, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_TASKSET(APPLET_NOEXEC(taskset, taskset, BB_DIR_USR_BIN, BB_SUID_DROP, taskset))
//kbuild:lib-$(CONFIG_TASKSET) += taskset.o
//usage:#define taskset_trivial_usage
projects / oweals / busybox.git / commitdiff