runlevel: make it NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-08-04 17:59:46 +02:00
parent 6bec24c4f5
commit 83d7785e41
2 changed files with 20 additions and 20 deletions

View File

@ -66,21 +66,21 @@ chgrp - noexec. runner
chmod - noexec. runner chmod - noexec. runner
chown - noexec. runner chown - noexec. runner
chpasswd - runner (list of "user:password"s from stdin) chpasswd - runner (list of "user:password"s from stdin)
chpst - spawner chpst - noexec candidate, spawner
chroot - spawner chroot - noexec candidate, spawner
chrt - spawner chrt - noexec candidate, spawner
chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
cksum - noexec. runner cksum - noexec. runner
clear - NOFORK clear - NOFORK
cmp - runner cmp - runner
comm - runner comm - runner
conspy - interactive conspy - interactive, longterm
cp - noexec. runner cp - noexec. runner
cpio - runner cpio - runner
crond - daemon crond - daemon
crontab crontab
cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
cttyhack - spawner cttyhack - noexec candidate, spawner
cut - noexec. runner cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
dc - runner (eats stdin if no params) dc - runner (eats stdin if no params)
@ -90,7 +90,7 @@ delgroup
deluser deluser
depmod - complex, rare depmod - complex, rare
devmem - runner, complex (access to device memory may hang) devmem - runner, complex (access to device memory may hang)
df - complex (nested allocs) df - leaks: nested allocs
dhcprelay - daemon dhcprelay - daemon
diff - runner diff - runner
dirname - NOFORK dirname - NOFORK
@ -106,15 +106,15 @@ echo - NOFORK
ed - interactive, longterm ed - interactive, longterm
egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds) eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
env - noexec. changes state (env) env - noexec. spawner, changes state (env)
envdir - spawner envdir - noexec candidate, spawner
envuidgid - spawner envuidgid - noexec candidate, spawner
expand - runner expand - runner
expr - complex (nested allocs) expr - leaks: nested allocs
factor - runner (eats stdin if no params) factor - runner (eats stdin if no params)
fakeidentd - daemon fakeidentd - daemon
false - NOFORK false - NOFORK
fatattr - complex (xopen+xioctl can leak fd) fatattr - leaks: open+xioctl, complex
fbset - leaks: open+xfunc, complex, rare fbset - leaks: open+xfunc, complex, rare
fbsplash - runner, longterm fbsplash - runner, longterm
fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
@ -134,14 +134,14 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
freeramdisk - leaks: open+ioctl_or_perror_and_die freeramdisk - leaks: open+ioctl_or_perror_and_die
fsck - interactive, longterm fsck - interactive, longterm
fsck.minix fsck.minix
fsfreeze fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
fstrim fstrim - noexec candidate (it's very simple), leaks: open+xioctl
fsync - NOFORK fsync - NOFORK
ftpd - daemon ftpd - daemon
ftpget - runner ftpget - runner
ftpput - runner ftpput - runner
fuser - complex fuser - complex
getopt - noexec. complex (many allocs) getopt - noexec. leaks: many allocs
getty - interactive, longterm getty - interactive, longterm
grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory) grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
groups - noexec groups - noexec
@ -156,7 +156,7 @@ hostid - NOFORK
hostname - DNS resolution may trigger, need ^C hostname - DNS resolution may trigger, need ^C
httpd - daemon httpd - daemon
hush - interactive, longterm hush - interactive, longterm
hwclock hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C
i2cdetect i2cdetect
i2cdump i2cdump
i2cget i2cget
@ -293,9 +293,9 @@ rmmod - noexec
route route
rpm - runner rpm - runner
rpm2cpio - runner rpm2cpio - runner
rtcwake - complex, rare rtcwake - puts system to sleep, optimizing this for speed is pointless
run-parts run-parts
runlevel runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
runsv - daemon runsv - daemon
runsvdir - daemon runsvdir - daemon
rx - runner rx - runner
@ -400,10 +400,10 @@ vlock - suid
volname - runner volname - runner
w w
wall - suid wall - suid
watch - runner watch - longterm
watchdog - daemon watchdog - daemon
wc - runner wc - runner
wget - runner wget - longterm
which - NOFORK which - NOFORK
who who
whoami - NOFORK whoami - NOFORK

View File

@ -21,7 +21,7 @@
//config: This applet uses utmp but does not rely on busybox supporing //config: This applet uses utmp but does not rely on busybox supporing
//config: utmp on purpose. It is used by e.g. emdebian via /etc/init.d/rc. //config: utmp on purpose. It is used by e.g. emdebian via /etc/init.d/rc.
//applet:IF_RUNLEVEL(APPLET(runlevel, BB_DIR_SBIN, BB_SUID_DROP)) //applet:IF_RUNLEVEL(APPLET_NOEXEC(runlevel, runlevel, BB_DIR_SBIN, BB_SUID_DROP, runlevel))
//kbuild:lib-$(CONFIG_RUNLEVEL) += runlevel.o //kbuild:lib-$(CONFIG_RUNLEVEL) += runlevel.o