beep
blkdiscard
blkid
-blockdev
+blockdev - noexec candidate (rather simple), leaks fd
bootchartd - daemon
brctl
bunzip2 - runner
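Review bot: the new `blockdev` entry says only "leaks fd", while the other leak entries in this file name the call pair in the `leaks: open+xioctl` form (see fsfreeze). Naming the opening call and the dying x-function here would tell the next reader exactly what has to be fixed before blockdev can be marked noexec.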
chpst - noexec candidate, spawner
chroot - noexec candidate, spawner
chrt - noexec candidate, spawner
-chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
+chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
cksum - noexec. runner
clear - NOFORK
cmp - runner
cp - noexec. runner
cpio - runner
crond - daemon
-crontab
-cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
+crontab 0 leaks: open+xasprintf
+cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate.
cttyhack - noexec candidate, spawner
cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params)
dd - noexec. runner
-deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
+deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
delgroup
deluser
depmod - complex, rare
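Review bot: `+crontab 0 leaks: open+xasprintf` has a `0` where every other entry uses ` - ` as the separator, which looks like a typo for `crontab - leaks: open+xasprintf`. Anything that greps this list by the "name - reason" pattern will miss the line as committed.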
dos2unix - noexec. runner
dpkg - runner
du - runner
-dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
-dumpleases
+dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+dumpleases - leaks: open+xread
echo - NOFORK
ed - interactive, longterm
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
fdformat - needs ^C (floppy may be unresponsive), longterm, rare
fdisk - interactive, longterm
-fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
+fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
find - noexec. runner
findfs - suid
free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm
-fsck.minix
+fsck.minix - needs ^C
fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup
fsync - NOFORK
i2cget
i2cset
id - noexec
-ifconfig
-ifenslave
+ifconfig - leaks: xsocket+ioctl_or_perror_and_die
+ifenslave - leaks: xsocket+bb_perror_msg_and_die
ifplugd - daemon
inetd - daemon
init - daemon
iproute - noexec candidate
iprule - noexec candidate
iptunnel - noexec candidate
-kbd_mode
+kbd_mode - leaks: xopen_nonblocking+xioctl
kill - NOFORK
killall - NOFORK
killall5 - NOFORK
linux64 - spawner
linuxrc - daemon
ln - noexec
-loadfont
-loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
+loadfont - leaks: config_open+bb_error_msg_and_die("map format")
+loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
logger - runner
login - suid, interactive, longterm
logname - NOFORK
man - spawner, interactive, longterm
md5sum - noexec. runner
mdev - daemon
-mesg
+mesg - NOFORK
microcom - interactive, longterm
mkdir - NOFORK
mkdosfs - needs ^C
mkfs.minix - needs ^C
mkfs.vfat - needs ^C
mknod - noexec
-mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
+mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate.
mkswap - needs ^C
mktemp - noexec. leaks: xstrdup+concat_path_file
modinfo - noexec
mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex
mt - rare
-mv - runner (can be noexec?)
-nameif
+mv - noexec candidate, runner
+nameif - leaks: config_open2+ioctl_or_perror_and_die
nbd-client
nc - runner
netstat - runner with -c
pidof - nofork candidate(uses find_pid_by_name, is that ok?)
ping - suid, runner
ping6 - suid, runner
-pipe_progress
-pivot_root
+pipe_progress - longterm
+pivot_root - nofork candidate? the code is trivial
pkill - nofork candidate(xregcomp, procps_scan - are they ok?)
pmap - noexec candidate, leaks: open+xstrdup
popmaildir - runner
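Review bot: `+pivot_root - nofork candidate? the code is trivial` judges the applet by code size alone. This list already tracks "changes state" as a separate reason (cryptpw, mkpasswd), and a NOFORK applet runs inside the calling process, so the entry should record whether running pivot_root in-process affects the caller before the question mark is dropped.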
udhcpd - daemon
udpsvd - daemon
uevent - daemon
-umount
+umount - noexec candidate, leaks: nested xmalloc
uname - NOFORK
uncompress - runner
unexpand - runner
vi - interactive, longterm
vlock - suid
volname - runner
-w
+w - nofork candidate(is getutxent ok?)
wall - suid
watch - longterm
watchdog - daemon
wc - runner
wget - longterm
which - NOFORK
-who
+who - nofork candidate(is getutxent ok?)
whoami - NOFORK
-whois
+whois - needs ^C
xargs - noexec. spawner
xxd - noexec. runner
xz - runner
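Review bot: the new `w` and `who` entries end in the open question "is getutxent ok?" without saying what would make it not ok. Spell out the concern being checked (for instance, whether the utmp stream is always closed again before the applet returns) so that someone can answer it and either promote the applets to NOFORK or record why not.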
//config: If you set this option to N, "mesg y" will enable writing
//config: by anybody at all. This is not recommended.
-//applet:IF_MESG(APPLET(mesg, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_MESG(APPLET_NOFORK(mesg, mesg, BB_DIR_USR_BIN, BB_SUID_DROP, mesg))
//kbuild:lib-$(CONFIG_MESG) += mesg.o
bb_show_usage();
}
+ /* We are a NOFORK applet.
+ * (Not that it's very useful, but code is trivially NOFORK-safe).
+ * Play nice. Do not leak anything.
+ */
+
if (!isatty(STDIN_FILENO))
bb_error_msg_and_die("not a tty");
- xfstat(STDIN_FILENO, &sb, "stderr");
+ xfstat(STDIN_FILENO, &sb, "stdin");
if (c == 0) {
puts((sb.st_mode & (S_IWGRP|S_IWOTH)) ? "is y" : "is n");
return EXIT_SUCCESS;
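Review bot: the comment added before the isatty() check asserts that the code is "trivially NOFORK-safe" without giving the reason. The visible paths only touch STDIN_FILENO and hold no open fd or allocation when bb_error_msg_and_die() or xfstat() bail out, and saying that in the comment would let a later editor see what must stay true. Separately, the `"stderr"` to `"stdin"` label change in xfstat() is a real bug fix in the error message, unrelated to the NOFORK conversion, and deserves its own line in the commit message.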