losetup: make NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index d7e60b44286f6d506753a4b0f68478955e561a8d..a8823beff8ffa9590358a4ba7f3477a431b37292 100644 (file)
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -165,8 +165,8 @@ i2cdump - hardware
 i2cget - hardware
 i2cset - hardware
 id - noexec
-ifconfig - leaks: xsocket+ioctl_or_perror_and_die
-ifenslave - leaks: xsocket+bb_perror_msg_and_die
+ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die
+ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die
 ifplugd - daemon
 inetd - daemon
 init - daemon
@@ -202,7 +202,7 @@ loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return o
 logger - runner
 login - suid, interactive, longterm
 logname - NOFORK
-losetup - complex
+losetup - noexec. complex
 lpd - daemon
 lpq - runner
 lpr - runner
@@ -400,7 +400,7 @@ uuencode - runner
 vconfig - leaks: xsocket+ioctl_or_perror_and_die
 vi - interactive, longterm
 vlock - suid
-volname - runner
+volname - hardware (reads CDROM, this can take long-ish if need to spin up)
 w - noexec. nofork candidate(is getutxent ok?)
 wall - suid
 watch - longterm

diff --git a/util-linux/losetup.c b/util-linux/losetup.c
index c608de6cc6d0d1aca01e01e6227b782aa603aa62..2f7dc10f5c65ed2f74dce313e48df129156c10b1 100644 (file)
--- a/util-linux/losetup.c
+++ b/util-linux/losetup.c
@@ -15,9 +15,9 @@
 //config:      file or block device, and to query the status of a loop device. This
 //config:      version does not currently support enabling data encryption.
 
-//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o
+//applet:IF_LOSETUP(APPLET_NOEXEC(losetup, losetup, BB_DIR_SBIN, BB_SUID_DROP, losetup))
 
-//applet:IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o
 
 //usage:#define losetup_trivial_usage
 //usage:       "[-r] [-o OFS] {-f|LOOPDEV} FILE - associate loop devices\n"