From 9f59849daab488b5a46926a2979e8b957021e844 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Sat, 5 Aug 2017 01:29:12 +0200
Subject: [PATCH] blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC

Signed-off-by: Denys Vlasenko
---
 NOFORK_NOEXEC.lst | 8 ++++----
 util-linux/blockdev.c | 2 +-
 util-linux/fsfreeze.c | 2 +-
 util-linux/fstrim.c | 2 +-
 util-linux/mountpoint.c | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index ad49cd809..b2f410177 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -51,7 +51,7 @@ basename - NOFORK
 beep
 blkdiscard
 blkid
-blockdev - noexec candidate (rather simple), leaks fd
+blockdev - noexec. leaks fd
 bootchartd - daemon
 brctl
 bunzip2 - runner
@@ -134,8 +134,8 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
 freeramdisk - leaks: open+ioctl_or_perror_and_die
 fsck - interactive, longterm
 fsck.minix - needs ^C
-fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl
-fstrim - noexec candidate (it's very simple), leaks: open+xioctl, find_block_device -> readdir+xstrdup
+fsfreeze - noexec. leaks: open+xioctl
+fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
 fsync - NOFORK
 ftpd - daemon
 ftpget - runner
@@ -236,7 +236,7 @@ modinfo - noexec
 modprobe - noexec
 more - interactive, longterm
 mount - suid
-mountpoint - noexec candidate, leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
+mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
 mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex
 mt - rare
 mv - noexec candidate, runner
diff --git a/util-linux/blockdev.c b/util-linux/blockdev.c
index 9e1fef206..e53ade995 100644
--- a/util-linux/blockdev.c
+++ b/util-linux/blockdev.c
@@ -11,7 +11,7 @@
 //config: help
 //config: Performs some ioctls with block devices.
-//applet:IF_BLOCKDEV(APPLET(blockdev, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_BLOCKDEV(APPLET_NOEXEC(blockdev, blockdev, BB_DIR_SBIN, BB_SUID_DROP, blockdev))
 //kbuild:lib-$(CONFIG_BLOCKDEV) += blockdev.o
diff --git a/util-linux/fsfreeze.c b/util-linux/fsfreeze.c
index 5c10c8044..c1f31569f 100644
--- a/util-linux/fsfreeze.c
+++ b/util-linux/fsfreeze.c
@@ -13,7 +13,7 @@
 //config: help
 //config: Halt new accesses and flush writes on a mounted filesystem.
-//applet:IF_FSFREEZE(APPLET(fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_FSFREEZE(APPLET_NOEXEC(fsfreeze, fsfreeze, BB_DIR_USR_SBIN, BB_SUID_DROP, fsfreeze))
 //kbuild:lib-$(CONFIG_FSFREEZE) += fsfreeze.o
diff --git a/util-linux/fstrim.c b/util-linux/fstrim.c
index 6d0d61d92..49b3ceb72 100644
--- a/util-linux/fstrim.c
+++ b/util-linux/fstrim.c
@@ -15,7 +15,7 @@
 //config: help
 //config: Discard unused blocks on a mounted filesystem.
-//applet:IF_FSTRIM(APPLET(fstrim, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_FSTRIM(APPLET_NOEXEC(fstrim, fstrim, BB_DIR_SBIN, BB_SUID_DROP, fstrim))
 //kbuild:lib-$(CONFIG_FSTRIM) += fstrim.o
diff --git a/util-linux/mountpoint.c b/util-linux/mountpoint.c
index b7f048196..50772533f 100644
--- a/util-linux/mountpoint.c
+++ b/util-linux/mountpoint.c
@@ -14,7 +14,7 @@
 //config: help
 //config: mountpoint checks if the directory is a mountpoint.
-//applet:IF_MOUNTPOINT(APPLET(mountpoint, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_MOUNTPOINT(APPLET_NOEXEC(mountpoint, mountpoint, BB_DIR_BIN, BB_SUID_DROP, mountpoint))
 //kbuild:lib-$(CONFIG_MOUNTPOINT) += mountpoint.o
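Review bot: The new `APPLET_NOEXEC(...)` line in blockdev.c, and the matching lines in the fsfreeze.c, fstrim.c and mountpoint.c hunks, change how the applet is started, but nothing next to the code records what that implies. As I understand busybox's NOEXEC mode, a busybox shell built to prefer its own applets can run the applet's main() in a forked child with no execve(), so the applet inherits the caller's static state and descriptors marked close-on-exec stay open. Monitoring keyed on exec events (audit execve rules, process-name alerts) would then not record fsfreeze, fstrim or blockdev runs made this way, which matters for tools that act on block devices and mounted filesystems. I would add a plain C comment above each `//applet:` line, for example `/* NOEXEC: may run via fork() without exec; must not assume fresh process state, and is not visible as a separate exec event */`. Only the annotation lines are visible in these hunks, so whether each applet's main() is free of such assumptions cannot be confirmed from here.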