chat: trim help text
Noticed while auditing nofork/noexec status

function                                             old     new   delta
packed_usage                                       31777   31747     -30

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
parent
dd5a40246b
commit
74c05f5b2c
|
@ -11,8 +11,8 @@ runner: sometimes may run for long(ish) time, and/or works with network:
|
||||||
^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
|
^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
|
||||||
|
|
||||||
"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
|
"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
|
||||||
need to be inspected that they do not fall into alloc+xfunc, open+xfunc
|
need to be inspected that they do not fall into alloc+xfunc, open+xfunc,
|
||||||
categories.
|
leak categories.
|
||||||
|
|
||||||
Why can't be NOEXEC:
|
Why can't be NOEXEC:
|
||||||
suid: runs under different uid - must fork+exec
|
suid: runs under different uid - must fork+exec
|
||||||
|
@ -23,7 +23,15 @@ daemon: runs indefinitely; these are also always fit "rare" category
|
||||||
longterm: often runs for a long time (many seconds), execing would make
|
longterm: often runs for a long time (many seconds), execing would make
|
||||||
memory footprint smaller
|
memory footprint smaller
|
||||||
complex: no immediately obvious reason why NOFORK wouldn't work,
|
complex: no immediately obvious reason why NOFORK wouldn't work,
|
||||||
but does some non-obvoius operations (example: fuser, lsof, losetup)
|
but does some non-obvoius operations (example: fuser, lsof, losetup);
|
||||||
|
detailed audit often turns out that it's a leaker
|
||||||
|
|
||||||
|
Interesting example of "interactive" applet which is nevertheless can be
|
||||||
|
(and is) NOEXEC is "rm". Yes, "rm -i" is interactive - but it's not that typical
|
||||||
|
for users to keep it waiting for many minutes, whereas running "rm" in shell
|
||||||
|
is very typical, and speeding up this common use via NOEXEC is useful.
|
||||||
|
IOW: rm is "interactive", but not "longterm".
|
||||||
|
|
||||||
|
|
||||||
[ - NOFORK
|
[ - NOFORK
|
||||||
[[ - NOFORK
|
[[ - NOFORK
|
||||||
|
@ -34,9 +42,9 @@ adduser
|
||||||
adjtimex
|
adjtimex
|
||||||
ar - runner
|
ar - runner
|
||||||
arch - NOFORK
|
arch - NOFORK
|
||||||
arp
|
arp - complex, rare
|
||||||
arping - runner
|
arping - runner
|
||||||
ash - interactive
|
ash - interactive, longterm
|
||||||
awk - noexec. runner
|
awk - noexec. runner
|
||||||
base64 - runner
|
base64 - runner
|
||||||
basename - NOFORK
|
basename - NOFORK
|
||||||
|
@ -52,7 +60,7 @@ bzcat - runner
|
||||||
bzip2 - runner
|
bzip2 - runner
|
||||||
cal - runner: cal -n9999
|
cal - runner: cal -n9999
|
||||||
cat - runner
|
cat - runner
|
||||||
chat
|
chat - needs ^C to work
|
||||||
chattr - runner
|
chattr - runner
|
||||||
chgrp - noexec. runner
|
chgrp - noexec. runner
|
||||||
chmod - noexec. runner
|
chmod - noexec. runner
|
||||||
|
@ -77,10 +85,10 @@ cut - noexec. runner
|
||||||
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
|
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
|
||||||
dc - runner (eats stdin if no params)
|
dc - runner (eats stdin if no params)
|
||||||
dd - noexec. runner
|
dd - noexec. runner
|
||||||
deallocvt
|
deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
|
||||||
delgroup
|
delgroup
|
||||||
deluser
|
deluser
|
||||||
depmod
|
depmod - complex, rare
|
||||||
devmem - runner, complex (access to device memory may hang)
|
devmem - runner, complex (access to device memory may hang)
|
||||||
df - complex (nested allocs)
|
df - complex (nested allocs)
|
||||||
dhcprelay - daemon
|
dhcprelay - daemon
|
||||||
|
@ -88,16 +96,16 @@ diff - runner
|
||||||
dirname - NOFORK
|
dirname - NOFORK
|
||||||
dmesg - runner
|
dmesg - runner
|
||||||
dnsd - daemon
|
dnsd - daemon
|
||||||
dnsdomainname - DNS resolution may trigger, need ^C
|
dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
|
||||||
dos2unix - noexec. runner
|
dos2unix - noexec. runner
|
||||||
dpkg - runner
|
dpkg - runner
|
||||||
du - runner
|
du - runner
|
||||||
dumpkmap
|
dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
|
||||||
dumpleases
|
dumpleases
|
||||||
echo - NOFORK
|
echo - NOFORK
|
||||||
ed - interactive
|
ed - interactive, longterm
|
||||||
egrep - runner
|
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
|
||||||
eject
|
eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
|
||||||
env - noexec. changes state (env)
|
env - noexec. changes state (env)
|
||||||
envdir - spawner
|
envdir - spawner
|
||||||
envuidgid - spawner
|
envuidgid - spawner
|
||||||
|
@ -107,24 +115,24 @@ factor - runner (eats stdin if no params)
|
||||||
fakeidentd - daemon
|
fakeidentd - daemon
|
||||||
false - NOFORK
|
false - NOFORK
|
||||||
fatattr - complex (xopen+xioctl can leak fd)
|
fatattr - complex (xopen+xioctl can leak fd)
|
||||||
fbset
|
fbset - leaks: open+xfunc, complex, rare
|
||||||
fbsplash - runner, interactive
|
fbsplash - runner, longterm
|
||||||
fdflush
|
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
|
||||||
fdformat - runner
|
fdformat - needs ^C (floppy may be unresponsive), longterm, rare
|
||||||
fdisk - interactive
|
fdisk - interactive, longterm
|
||||||
fgconsole
|
fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
|
||||||
fgrep - runner
|
fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
|
||||||
find - noexec. runner
|
find - noexec. runner
|
||||||
findfs - suid
|
findfs - suid
|
||||||
flash_eraseall
|
flash_eraseall
|
||||||
flash_lock
|
flash_lock
|
||||||
flash_unlock
|
flash_unlock
|
||||||
flashcp
|
flashcp
|
||||||
flock
|
flock - spawner, changes state (file locks)
|
||||||
fold - noexec. runner
|
fold - noexec. runner
|
||||||
free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
|
free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
|
||||||
freeramdisk
|
freeramdisk - leaks: open+ioctl_or_perror_and_die
|
||||||
fsck - interactive
|
fsck - interactive, longterm
|
||||||
fsck.minix
|
fsck.minix
|
||||||
fsfreeze
|
fsfreeze
|
||||||
fstrim
|
fstrim
|
||||||
|
@ -134,8 +142,8 @@ ftpget - runner
|
||||||
ftpput - runner
|
ftpput - runner
|
||||||
fuser - complex
|
fuser - complex
|
||||||
getopt - noexec. complex (many allocs)
|
getopt - noexec. complex (many allocs)
|
||||||
getty - interactive
|
getty - interactive, longterm
|
||||||
grep - runner
|
grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
|
||||||
groups - noexec
|
groups - noexec
|
||||||
gunzip - runner
|
gunzip - runner
|
||||||
gzip - runner
|
gzip - runner
|
||||||
|
@ -147,7 +155,7 @@ hexdump - noexec. runner
|
||||||
hostid - NOFORK
|
hostid - NOFORK
|
||||||
hostname - DNS resolution may trigger, need ^C
|
hostname - DNS resolution may trigger, need ^C
|
||||||
httpd - daemon
|
httpd - daemon
|
||||||
hush - interactive
|
hush - interactive, longterm
|
||||||
hwclock
|
hwclock
|
||||||
i2cdetect
|
i2cdetect
|
||||||
i2cdump
|
i2cdump
|
||||||
|
@ -180,39 +188,39 @@ killall - NOFORK
|
||||||
killall5 - NOFORK
|
killall5 - NOFORK
|
||||||
klogd - daemon
|
klogd - daemon
|
||||||
last - runner (I've got 1300 lines of output when tried it)
|
last - runner (I've got 1300 lines of output when tried it)
|
||||||
less - interactive
|
less - interactive, longterm
|
||||||
link - NOFORK
|
link - NOFORK
|
||||||
linux32 - spawner
|
linux32 - spawner
|
||||||
linux64 - spawner
|
linux64 - spawner
|
||||||
linuxrc - daemon
|
linuxrc - daemon
|
||||||
ln - noexec
|
ln - noexec
|
||||||
loadfont
|
loadfont
|
||||||
loadkmap
|
loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
|
||||||
logger - runner
|
logger - runner
|
||||||
login - suid, interactive
|
login - suid, interactive, longterm
|
||||||
logname - NOFORK
|
logname - NOFORK
|
||||||
losetup - complex
|
losetup - complex
|
||||||
lpd - daemon
|
lpd - daemon
|
||||||
lpq - runner
|
lpq - runner
|
||||||
lpr - runner
|
lpr - runner
|
||||||
ls - noexec. runner
|
ls - noexec. runner
|
||||||
lsattr
|
lsattr - runner. noexec candidate (ls is, why not this one?)
|
||||||
lsmod - noexec
|
lsmod - noexec
|
||||||
lsof - complex
|
lsof - complex
|
||||||
lspci
|
lspci - noexec candidate, too rare to bother for nofork
|
||||||
lsscsi
|
lsscsi - noexec candidate, too rare to bother for nofork
|
||||||
lsusb
|
lsusb - noexec candidate, too rare to bother for nofork
|
||||||
lzcat - runner
|
lzcat - runner
|
||||||
lzma - runner
|
lzma - runner
|
||||||
lzop - runner
|
lzop - runner
|
||||||
lzopcat - runner
|
lzopcat - runner
|
||||||
makedevs
|
makedevs
|
||||||
makemime - runner
|
makemime - runner
|
||||||
man - spawner, interactive
|
man - spawner, interactive, longterm
|
||||||
md5sum - noexec. runner
|
md5sum - noexec. runner
|
||||||
mdev - daemon
|
mdev - daemon
|
||||||
mesg
|
mesg
|
||||||
microcom - interactive, complex
|
microcom - interactive, longterm
|
||||||
mkdir - NOFORK
|
mkdir - NOFORK
|
||||||
mkdosfs
|
mkdosfs
|
||||||
mke2fs
|
mke2fs
|
||||||
|
@ -223,10 +231,10 @@ mkfs.vfat
|
||||||
mknod - noexec
|
mknod - noexec
|
||||||
mkpasswd
|
mkpasswd
|
||||||
mkswap
|
mkswap
|
||||||
mktemp
|
mktemp - leaks: xstrdup+concat_path_file
|
||||||
modinfo - noexec
|
modinfo - noexec
|
||||||
modprobe - noexec
|
modprobe - noexec
|
||||||
more - interactive
|
more - interactive, longterm
|
||||||
mount - suid
|
mount - suid
|
||||||
mountpoint
|
mountpoint
|
||||||
mpstat
|
mpstat
|
||||||
|
@ -305,12 +313,11 @@ setpriv - spawner
|
||||||
setserial
|
setserial
|
||||||
setsid - spawner
|
setsid - spawner
|
||||||
setuidgid
|
setuidgid
|
||||||
sh - interactive
|
|
||||||
sha1sum - noexec. runner
|
sha1sum - noexec. runner
|
||||||
sha256sum - noexec. runner
|
sha256sum - noexec. runner
|
||||||
sha3sum - noexec. runner
|
sha3sum - noexec. runner
|
||||||
sha512sum - noexec. runner
|
sha512sum - noexec. runner
|
||||||
showkey - interactive
|
showkey - interactive, longterm
|
||||||
shred - runner
|
shred - runner
|
||||||
shuf - noexec. runner
|
shuf - noexec. runner
|
||||||
slattach
|
slattach
|
||||||
|
@ -342,7 +349,7 @@ tar - runner
|
||||||
taskset - spawner
|
taskset - spawner
|
||||||
tcpsvd - daemon
|
tcpsvd - daemon
|
||||||
tee - runner
|
tee - runner
|
||||||
telnet - interactive
|
telnet - interactive, longterm
|
||||||
telnetd - daemon
|
telnetd - daemon
|
||||||
test - NOFORK
|
test - NOFORK
|
||||||
tftp - runner
|
tftp - runner
|
||||||
|
@ -359,7 +366,7 @@ truncate - NOFORK
|
||||||
tty - NOFORK
|
tty - NOFORK
|
||||||
ttysize - NOFORK
|
ttysize - NOFORK
|
||||||
tunctl
|
tunctl
|
||||||
tune2fs
|
tune2fs - leaks: open+xfunc
|
||||||
ubiattach
|
ubiattach
|
||||||
ubidetach
|
ubidetach
|
||||||
ubimkvol
|
ubimkvol
|
||||||
|
@ -387,8 +394,8 @@ users - nofork candidate(is getutxent ok?)
|
||||||
usleep - NOFORK
|
usleep - NOFORK
|
||||||
uudecode - runner
|
uudecode - runner
|
||||||
uuencode - runner
|
uuencode - runner
|
||||||
vconfig
|
vconfig - leaks: xsocket+ioctl_or_perror_and_die
|
||||||
vi - interactive
|
vi - interactive, longterm
|
||||||
vlock - suid
|
vlock - suid
|
||||||
volname - runner
|
volname - runner
|
||||||
w
|
w
|
||||||
|
|
|
@ -82,8 +82,8 @@
|
||||||
//usage: "EXPECT [SEND [EXPECT [SEND...]]]"
|
//usage: "EXPECT [SEND [EXPECT [SEND...]]]"
|
||||||
//usage:#define chat_full_usage "\n\n"
|
//usage:#define chat_full_usage "\n\n"
|
||||||
//usage: "Useful for interacting with a modem connected to stdin/stdout.\n"
|
//usage: "Useful for interacting with a modem connected to stdin/stdout.\n"
|
||||||
//usage: "A script consists of one or more \"expect-send\" pairs of strings,\n"
|
//usage: "A script consists of \"expect-send\" argument pairs.\n"
|
||||||
//usage: "each pair is a pair of arguments. Example:\n"
|
//usage: "Example:\n"
|
||||||
//usage: "chat '' ATZ OK ATD123456 CONNECT '' ogin: pppuser word: ppppass '~'"
|
//usage: "chat '' ATZ OK ATD123456 CONNECT '' ogin: pppuser word: ppppass '~'"
|
||||||
|
|
||||||
#include "libbb.h"
|
#include "libbb.h"
|
||||||
|
|
|
@ -67,8 +67,12 @@ int freeramdisk_main(int argc UNUSED_PARAM, char **argv)
|
||||||
fd = xopen(single_argv(argv), O_RDWR);
|
fd = xopen(single_argv(argv), O_RDWR);
|
||||||
|
|
||||||
// Act like freeramdisk, fdflush, or both depending on configuration.
|
// Act like freeramdisk, fdflush, or both depending on configuration.
|
||||||
ioctl_or_perror_and_die(fd, (ENABLE_FREERAMDISK && applet_name[1] == 'r')
|
ioctl_or_perror_and_die(fd,
|
||||||
|| !ENABLE_FDFLUSH ? BLKFLSBUF : FDFLUSH, NULL, "%s", argv[1]);
|
((ENABLE_FREERAMDISK && applet_name[1] == 'r') || !ENABLE_FDFLUSH)
|
||||||
|
? BLKFLSBUF
|
||||||
|
: FDFLUSH,
|
||||||
|
NULL, "%s", argv[1]
|
||||||
|
);
|
||||||
|
|
||||||
if (ENABLE_FEATURE_CLEAN_UP) close(fd);
|
if (ENABLE_FEATURE_CLEAN_UP) close(fd);
|
||||||
|
|
||||||
|
|
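Review bot: The descriptor returned by `xopen()` is not closed when `ioctl_or_perror_and_die()` fails, since (going by its name and by the list entries in this same commit, `leaks: open+ioctl_or_perror_and_die` for both freeramdisk and fdflush) that call terminates before the `close(fd)` below it is reached, yet nothing at the call site records this. A comment above the call would keep the constraint next to the code, for example `/* fd is not released if the ioctl dies: keep this applet out of NOFORK */`, so a later change of the applet's NOFORK status does not turn the leak into descriptors piling up in a long-lived shell. The `applet_name[1] == 'r'` test also deserves a few words, presumably `/* 'r': "freeramdisk", 'd': "fdflush" */`, because the new parentheses make the precedence explicit but not the intent. freeramdisk_main starts and ends outside this hunk, so any handling of the descriptor elsewhere in the function is not visible here.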