mesg: make in NOFORK

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 2017-08-04 19:16:01 +02:00
parent 947b2391c0
commit 6514785f95
2 changed files with 31 additions and 26 deletions


@ -51,7 +51,7 @@ basename - NOFORK
beep beep
blkdiscard blkdiscard
blkid blkid
blockdev blockdev - noexec candidate (rather simple), leaks fd
bootchartd - daemon bootchartd - daemon
brctl brctl
bunzip2 - runner bunzip2 - runner
@ -69,7 +69,7 @@ chpasswd - runner (list of "user:password"s from stdin)
chpst - noexec candidate, spawner chpst - noexec candidate, spawner
chroot - noexec candidate, spawner chroot - noexec candidate, spawner
chrt - noexec candidate, spawner chrt - noexec candidate, spawner
chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
cksum - noexec. runner cksum - noexec. runner
clear - NOFORK clear - NOFORK
cmp - runner cmp - runner
@ -78,14 +78,14 @@ conspy - interactive, longterm
cp - noexec. runner cp - noexec. runner
cpio - runner cpio - runner
crond - daemon crond - daemon
crontab crontab 0 leaks: open+xasprintf
cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate.
cttyhack - noexec candidate, spawner cttyhack - noexec candidate, spawner
cut - noexec. runner cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params) dc - runner (eats stdin if no params)
dd - noexec. runner dd - noexec. runner
deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
delgroup delgroup
deluser deluser
depmod - complex, rare depmod - complex, rare
@ -100,8 +100,8 @@ dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
dos2unix - noexec. runner dos2unix - noexec. runner
dpkg - runner dpkg - runner
du - runner du - runner
dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
dumpleases dumpleases - leaks: open+xread
echo - NOFORK echo - NOFORK
ed - interactive, longterm ed - interactive, longterm
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
@ -120,7 +120,7 @@ fbsplash - runner, longterm
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
fdformat - needs ^C (floppy may be unresponsive), longterm, rare fdformat - needs ^C (floppy may be unresponsive), longterm, rare
fdisk - interactive, longterm fdisk - interactive, longterm
fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory) fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
find - noexec. runner find - noexec. runner
findfs - suid findfs - suid
@ -133,7 +133,7 @@ fold - noexec. runner
free - nofork candidate(struct globals, needs to close /proc/meminfo fd) free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - leaks: open+ioctl_or_perror_and_die freeramdisk - leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm fsck - interactive, longterm
fsck.minix fsck.minix - needs ^C
fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup
fsync - NOFORK fsync - NOFORK
@ -162,8 +162,8 @@ i2cdump
i2cget i2cget
i2cset i2cset
id - noexec id - noexec
ifconfig ifconfig - leaks: xsocket+ioctl_or_perror_and_die
ifenslave ifenslave - leaks: xsocket+bb_perror_msg_and_die
ifplugd - daemon ifplugd - daemon
inetd - daemon inetd - daemon
init - daemon init - daemon
@ -182,7 +182,7 @@ ipneigh - noexec candidate
iproute - noexec candidate iproute - noexec candidate
iprule - noexec candidate iprule - noexec candidate
iptunnel - noexec candidate iptunnel - noexec candidate
kbd_mode kbd_mode - leaks: xopen_nonblocking+xioctl
kill - NOFORK kill - NOFORK
killall - NOFORK killall - NOFORK
killall5 - NOFORK killall5 - NOFORK
@ -194,8 +194,8 @@ linux32 - spawner
linux64 - spawner linux64 - spawner
linuxrc - daemon linuxrc - daemon
ln - noexec ln - noexec
loadfont loadfont - leaks: config_open+bb_error_msg_and_die("map format")
loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
logger - runner logger - runner
login - suid, interactive, longterm login - suid, interactive, longterm
logname - NOFORK logname - NOFORK
@ -219,7 +219,7 @@ makemime - runner
man - spawner, interactive, longterm man - spawner, interactive, longterm
md5sum - noexec. runner md5sum - noexec. runner
mdev - daemon mdev - daemon
mesg mesg - NOFORK
microcom - interactive, longterm microcom - interactive, longterm
mkdir - NOFORK mkdir - NOFORK
mkdosfs - needs ^C mkdosfs - needs ^C
@ -229,7 +229,7 @@ mkfs.ext2 - needs ^C
mkfs.minix - needs ^C mkfs.minix - needs ^C
mkfs.vfat - needs ^C mkfs.vfat - needs ^C
mknod - noexec mknod - noexec
mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate.
mkswap - needs ^C mkswap - needs ^C
mktemp - noexec. leaks: xstrdup+concat_path_file mktemp - noexec. leaks: xstrdup+concat_path_file
modinfo - noexec modinfo - noexec
@ -239,8 +239,8 @@ mount - suid
mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex
mt - rare mt - rare
mv - runner (can be noexec?) mv - noexec candidate, runner
nameif nameif - leaks: config_open2+ioctl_or_perror_and_die
nbd-client nbd-client
nc - runner nc - runner
netstat - runner with -c netstat - runner with -c
@ -260,8 +260,8 @@ pgrep - nofork candidate(xregcomp, procps_scan - are they ok?)
pidof - nofork candidate(uses find_pid_by_name, is that ok?) pidof - nofork candidate(uses find_pid_by_name, is that ok?)
ping - suid, runner ping - suid, runner
ping6 - suid, runner ping6 - suid, runner
pipe_progress pipe_progress - longterm
pivot_root pivot_root - nofork candidate? the code is trivial
pkill - nofork candidate(xregcomp, procps_scan - are they ok?) pkill - nofork candidate(xregcomp, procps_scan - are they ok?)
pmap - noexec candidate, leaks: open+xstrdup pmap - noexec candidate, leaks: open+xstrdup
popmaildir - runner popmaildir - runner
@ -378,7 +378,7 @@ udhcpc - daemon
udhcpd - daemon udhcpd - daemon
udpsvd - daemon udpsvd - daemon
uevent - daemon uevent - daemon
umount umount - noexec candidate, leaks: nested xmalloc
uname - NOFORK uname - NOFORK
uncompress - runner uncompress - runner
unexpand - runner unexpand - runner
@ -398,16 +398,16 @@ vconfig - leaks: xsocket+ioctl_or_perror_and_die
vi - interactive, longterm vi - interactive, longterm
vlock - suid vlock - suid
volname - runner volname - runner
w w - nofork candidate(is getutxent ok?)
wall - suid wall - suid
watch - longterm watch - longterm
watchdog - daemon watchdog - daemon
wc - runner wc - runner
wget - longterm wget - longterm
which - NOFORK which - NOFORK
who who - nofork candidate(is getutxent ok?)
whoami - NOFORK whoami - NOFORK
whois whois - needs ^C
xargs - noexec. spawner xargs - noexec. spawner
xxd - noexec. runner xxd - noexec. runner
xz - runner xz - runner


@ -26,7 +26,7 @@
//config: If you set this option to N, "mesg y" will enable writing //config: If you set this option to N, "mesg y" will enable writing
//config: by anybody at all. This is not recommended. //config: by anybody at all. This is not recommended.
//applet:IF_MESG(APPLET(mesg, BB_DIR_USR_BIN, BB_SUID_DROP)) //applet:IF_MESG(APPLET_NOFORK(mesg, mesg, BB_DIR_USR_BIN, BB_SUID_DROP, mesg))
//kbuild:lib-$(CONFIG_MESG) += mesg.o //kbuild:lib-$(CONFIG_MESG) += mesg.o
@ -60,10 +60,15 @@ int mesg_main(int argc UNUSED_PARAM, char **argv)
bb_show_usage(); bb_show_usage();
} }
/* We are a NOFORK applet.
* (Not that it's very useful, but code is trivially NOFORK-safe).
* Play nice. Do not leak anything.
*/
if (!isatty(STDIN_FILENO)) if (!isatty(STDIN_FILENO))
bb_error_msg_and_die("not a tty"); bb_error_msg_and_die("not a tty");
xfstat(STDIN_FILENO, &sb, "stderr"); xfstat(STDIN_FILENO, &sb, "stdin");
if (c == 0) { if (c == 0) {
puts((sb.st_mode & (S_IWGRP|S_IWOTH)) ? "is y" : "is n"); puts((sb.st_mode & (S_IWGRP|S_IWOTH)) ? "is y" : "is n");
return EXIT_SUCCESS; return EXIT_SUCCESS;
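Review bot: The new comment above the `isatty()` check says the applet is NOFORK-safe but does not state the invariant that makes it so. The two exit paths directly below it (`bb_error_msg_and_die("not a tty")` and `xfstat(...)`) are where a later edit could leave something behind in the long-lived calling process. In the lines visible here nothing is allocated or opened before those calls, so that is presumably the rule being relied on. I would add it to the comment, e.g. `* No fd or heap memory is acquired before the x-funcs/_and_die calls below; keep it that way.` mesg_main starts before and continues past this hunk, so the path that actually changes the tty mode is not visible here and should be checked against the same rule.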