blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index ad49cd8099a76d002d48ab2072c9b15bb3cc1383..b2f410177f9cdc7b6d3cbda1a80ea060f9be6798 100644 (file)
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -51,7 +51,7 @@ basename - NOFORK
 beep
 blkdiscard
 blkid
-blockdev - noexec candidate (rather simple), leaks fd
+blockdev - noexec. leaks fd
 bootchartd - daemon
 brctl
 bunzip2 - runner
@@ -134,8 +134,8 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
 freeramdisk - leaks: open+ioctl_or_perror_and_die
 fsck - interactive, longterm
 fsck.minix - needs ^C
-fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
-fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup
+fsfreeze - noexec. leaks: open+xioctl
+fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
 fsync - NOFORK
 ftpd - daemon
 ftpget - runner
@@ -236,7 +236,7 @@ modinfo - noexec
 modprobe - noexec
 more - interactive, longterm
 mount - suid
-mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
+mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
 mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex
 mt - rare
 mv - noexec candidate, runner

diff --git a/util-linux/blockdev.c b/util-linux/blockdev.c
index 9e1fef206aa5e515c1ff1a4cb73914c2dab4c4e8..e53ade995a9fa2b49d22e6d652a1a27b7ebce9a9 100644 (file)
--- a/util-linux/blockdev.c
+++ b/util-linux/blockdev.c
@@ -11,7 +11,7 @@
 //config:      help
 //config:      Performs some ioctls with block devices.
 
-//applet:IF_BLOCKDEV(APPLET(blockdev, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_BLOCKDEV(APPLET_NOEXEC(blockdev, blockdev, BB_DIR_SBIN, BB_SUID_DROP, blockdev))
 
 //kbuild:lib-$(CONFIG_BLOCKDEV) += blockdev.o
 

diff --git a/util-linux/fsfreeze.c b/util-linux/fsfreeze.c
index 5c10c8044bb25e786d5bfe671811448e43630c8b..c1f31569fb0f0981a25b30bf2eca82927256df81 100644 (file)
--- a/util-linux/fsfreeze.c
+++ b/util-linux/fsfreeze.c
@@ -13,7 +13,7 @@
 //config:      help
 //config:      Halt new accesses and flush writes on a mounted filesystem.
 
-//applet:IF_FSFREEZE(APPLET(fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_FSFREEZE(APPLET_NOEXEC(fsfreeze, fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP, fsfreeze))
 
 //kbuild:lib-$(CONFIG_FSFREEZE) += fsfreeze.o
 

diff --git a/util-linux/fstrim.c b/util-linux/fstrim.c
index 6d0d61d92229e0e9cc95b4001cd48baeb410a898..49b3ceb7214a50c3aa89103f96af7f7a2ee6cbac 100644 (file)
--- a/util-linux/fstrim.c
+++ b/util-linux/fstrim.c
@@ -15,7 +15,7 @@
 //config:      help
 //config:      Discard unused blocks on a mounted filesystem.
 
-//applet:IF_FSTRIM(APPLET(fstrim, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_FSTRIM(APPLET_NOEXEC(fstrim, fstrim, BB_DIR_SBIN, BB_SUID_DROP, fstrim))
 
 //kbuild:lib-$(CONFIG_FSTRIM) += fstrim.o
 

diff --git a/util-linux/mountpoint.c b/util-linux/mountpoint.c
index b7f048196a12b4a066b62056a44349d38b6933a7..50772533f70a4139a0645ff0e09eaadf977267df 100644 (file)
--- a/util-linux/mountpoint.c
+++ b/util-linux/mountpoint.c
@@ -14,7 +14,7 @@
 //config:      help
 //config:      mountpoint checks if the directory is a mountpoint.
 
-//applet:IF_MOUNTPOINT(APPLET(mountpoint, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_MOUNTPOINT(APPLET_NOEXEC(mountpoint, mountpoint, BB_DIR_BIN, BB_SUID_DROP, mountpoint))
 
 //kbuild:lib-$(CONFIG_MOUNTPOINT) += mountpoint.o