emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cryptpw, mkpasswd: make them NOEXEC

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-08-05 02:08:23 +02:00
parent ff53bee723
commit feb79e8742
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NOFORK_NOEXEC.lst
View File

@ -79,7 +79,7 @@ cp - noexec. runner
cpio - runner cpio - runner
crond - daemon crond - daemon
crontab 0 leaks: open+xasprintf crontab 0 leaks: open+xasprintf
cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate. cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin
cttyhack - noexec. spawner cttyhack - noexec. spawner
cut - noexec. runner cut - noexec. runner
date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
@ -229,7 +229,7 @@ mkfs.ext2 - needs ^C
mkfs.minix - needs ^C mkfs.minix - needs ^C
mkfs.vfat - needs ^C mkfs.vfat - needs ^C
mknod - noexec mknod - noexec
mkpasswd - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. noexec candidate. mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin
mkswap - needs ^C mkswap - needs ^C
mktemp - noexec. leaks: xstrdup+concat_path_file mktemp - noexec. leaks: xstrdup+concat_path_file
modinfo - noexec modinfo - noexec

6
loginutils/cryptpw.c
View File

@ -24,9 +24,9 @@
//config: using the given salt. Debian has this utility under mkpasswd //config: using the given salt. Debian has this utility under mkpasswd
//config: name. Busybox provides mkpasswd as an alias for cryptpw. //config: name. Busybox provides mkpasswd as an alias for cryptpw.
//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP)) //applet:IF_CRYPTPW( APPLET_NOEXEC(cryptpw, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw))
// APPLET_ODDNAME:name main location suid_type help // APPLET_NOEXEC:name main location suid_type help
//applet:IF_MKPASSWD(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw)) //applet:IF_MKPASSWD(APPLET_NOEXEC(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw))
//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o //kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o
//kbuild:lib-$(CONFIG_MKPASSWD) += cryptpw.o //kbuild:lib-$(CONFIG_MKPASSWD) += cryptpw.o