umount: make it NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index fbba3adb36ef5e72d67a25a86192c6b34bcbf06a..8b35df289f53a4fc34b6335a85194b7b35c15125 100644 (file)
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -378,7 +378,7 @@ udhcpc - daemon
 udhcpd - daemon
 udpsvd - daemon
 uevent - daemon
-umount - noexec candidate, leaks: nested xmalloc
+umount - noexec. leaks: nested xmalloc
 uname - NOFORK
 uncompress - runner
 unexpand - runner

diff --git a/util-linux/umount.c b/util-linux/umount.c
index 122c0f579181db3766c444f6e2ad1e6a480d256d..33667b13cfa72e635bc8075689bc1adb5749f54c 100644 (file)
--- a/util-linux/umount.c
+++ b/util-linux/umount.c
@@ -24,7 +24,18 @@
 //config:      help
 //config:      Support -a option to unmount all currently mounted filesystems.
 
-//applet:IF_UMOUNT(APPLET(umount, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_UMOUNT(APPLET_NOEXEC(umount, umount, BB_DIR_BIN, BB_SUID_DROP, umount))
+/*
+ * On one hand, in some weird situations you'd want umount
+ * to not do anything surprising, to behave as a usual fork+execed executable.
+ *
+ * OTOH, there can be situations where execing would not succeed, or even hang
+ * (say, if executable is on a filesystem which is in trouble and accesses to it
+ * block in kernel).
+ * In this case, you might be actually happy if your standalone bbox shell
+ * does not fork+exec, but only forks and calls umount_main() which it already has!
+ * Let's go with NOEXEC.
+ */
 
 //kbuild:lib-$(CONFIG_UMOUNT) += umount.o