modutils: make them NOEXEC except depmod

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-08-04 02:56:39 +02:00
parent 4dc86699b5
commit 3346b4afc5
7 changed files with 19 additions and 16 deletions

View File

@ -156,7 +156,7 @@ ifplugd - daemon
inetd - daemon inetd - daemon
init - daemon init - daemon
inotifyd - daemon inotifyd - daemon
insmod insmod - noexec
install - runner install - runner
ionice - spawner ionice - spawner
iostat - runner iostat - runner
@ -193,7 +193,7 @@ lpq - runner
lpr - runner lpr - runner
ls - noexec. runner ls - noexec. runner
lsattr lsattr
lsmod lsmod - noexec
lsof - complex lsof - complex
lspci lspci
lsscsi lsscsi
@ -220,8 +220,8 @@ mknod - noexec
mkpasswd mkpasswd
mkswap mkswap
mktemp mktemp
modinfo modinfo - noexec
modprobe modprobe - noexec
more - interactive more - interactive
mount - suid mount - suid
mountpoint mountpoint
@ -277,7 +277,7 @@ resize - noexec. changes state (signal handlers)
rev - runner rev - runner
rm - noexec. rm -i interactive rm - noexec. rm -i interactive
rmdir - NOFORK rmdir - NOFORK
rmmod rmmod - noexec
route route
rpm - runner rpm - runner
rpm2cpio - runner rpm2cpio - runner

View File

@ -13,7 +13,7 @@
//config: help //config: help
//config: insmod is used to load specified modules in the running kernel. //config: insmod is used to load specified modules in the running kernel.
//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET(insmod, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(insmod, insmod, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
//kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o //kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o

View File

@ -23,7 +23,7 @@
//config: the format of module-init-tools for Linux kernel 2.6. //config: the format of module-init-tools for Linux kernel 2.6.
//config: Increases size somewhat. //config: Increases size somewhat.
//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod)))
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
//kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o //kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o

View File

@ -12,7 +12,7 @@
//config: help //config: help
//config: Show information about a Linux Kernel module //config: Show information about a Linux Kernel module
//applet:IF_MODINFO(APPLET(modinfo, BB_DIR_SBIN, BB_SUID_DROP)) //applet:IF_MODINFO(APPLET_NOEXEC(modinfo, modinfo, BB_DIR_SBIN, BB_SUID_DROP, modinfo))
//kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o //kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o

View File

@ -11,12 +11,15 @@
/* modprobe-small configs are defined in Config.src to ensure better /* modprobe-small configs are defined in Config.src to ensure better
* "make config" order */ * "make config" order */
//applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod )))
//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET_NOEXEC( modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
// APPLET_ODDNAME:name main location suid_type help // APPLET_ODDNAME:name main location suid_type help
//applet:IF_DEPMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod ))) //applet:IF_DEPMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod )))
//applet:IF_INSMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod))) //applet:IF_INSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod )))
//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod))) //applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod )))
/* noexec speeds up boot with many modules loaded (need SH_STANDALONE=y) */
/* I measured about ~5 times faster insmod */
/* depmod is not noexec, it runs longer and benefits from memory trimming via exec */
//kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o

View File

@ -26,7 +26,7 @@
//config: hardware autodetection scripts to load modules like evdev, frame //config: hardware autodetection scripts to load modules like evdev, frame
//config: buffer drivers etc. //config: buffer drivers etc.
//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
//kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o //kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o

View File

@ -14,7 +14,7 @@
//config: help //config: help
//config: rmmod is used to unload specified modules from the kernel. //config: rmmod is used to unload specified modules from the kernel.
//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET(rmmod, BB_DIR_SBIN, BB_SUID_DROP))) //applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(rmmod, rmmod, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
//kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o //kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o