Commit Graph

61 Commits

Author SHA1 Message Date
Denys Vlasenko
b63afead44 ip,ip*: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-09-18 15:45:13 +02:00
Denys Vlasenko
c3e60e1e9a update NOFORK_NOEXEC.lst
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-09-18 14:34:15 +02:00
Denys Vlasenko
9a6f62fd51 ps: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-10 14:15:52 +02:00
Denys Vlasenko
3bc2317c61 Update NOFORK_NOEXEC.lst
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-09 19:51:17 +02:00
Denys Vlasenko
a4d4ab04c3 vconfig: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-09 18:52:19 +02:00
Denys Vlasenko
8858a9864e libbb: rearrange NOFORK/NOEXEC code, logic is not changed
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 01:21:49 +02:00
Denys Vlasenko
90ad4ba9db ipcalc,rdev: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 00:42:15 +02:00
Denys Vlasenko
dbbc3f2e64 dumpleases: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:30:22 +02:00
Denys Vlasenko
af5d008669 expr: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:23:18 +02:00
Denys Vlasenko
ec98e3a628 freeramdisk: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:17:14 +02:00
Denys Vlasenko
ae84418d26 losetup: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 23:14:49 +02:00
Denys Vlasenko
354b104df1 fatattr: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 22:21:54 +02:00
Denys Vlasenko
fc9efcb53b df: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 22:19:17 +02:00
Denys Vlasenko
ed4393bdc7 dnsdomainname,hostname: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 20:34:26 +02:00
Denys Vlasenko
248a67fb75 free,stat: make NOEXEC
pkill/pgrep/pidof uncovered another quirk: what about noexec's _process names_?

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 18:18:09 +02:00
Denys Vlasenko
1a1203ff89 users,w,who,uptime,renice: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 16:47:34 +02:00
Denys Vlasenko
798b94518e ubi tools: ubiupdatevol supports "-" input and actually respects -s SIZE
Decided to not make any flash applets NOEXEC.
Minor robustifications here and there. Better error messages. Save on strings:

function                                             old     new   delta
ubi_tools_main                                      1235    1288     +53
ubi_get_volid_by_name                                125     133      +8
ubirename_main                                       198     204      +6
get_num_from_file                                     90      94      +4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/0 up/down: 71/0)               Total: 71 bytes
   text	   data	    bss	    dec	    hex	filename
 915696	    485	   6880	 923061	  e15b5	busybox_old
 915670	    485	   6880	 923035	  e159b	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 16:00:25 +02:00
Denys Vlasenko
115e0a7199 ubi_tools: a bit smaller applet resolution code
function                                             old     new   delta
ubi_tools_main                                      1241    1235      -6

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 02:55:33 +02:00
Denys Vlasenko
dd55d5d53c script: make -t independent of scriptreplay
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 01:53:17 +02:00
Denys Vlasenko
7b8372b819 add/remove-shell,add/deluser,add/delgroup: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-07 00:28:15 +02:00
Denys Vlasenko
bfc66d4980 nbd-client: make it NOEXEC, stop using argc
function                                             old     new   delta
nbdclient_main                                       484     492      +8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 21:53:39 +02:00
Denys Vlasenko
9536ef7c98 makedevs: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 21:47:07 +02:00
Denys Vlasenko
184c738582 stty: fix bb_common_bufsiz1 use in NOEXEC
function                                             old     new   delta
stty_main                                           1211    1221     +10
do_display                                           379     370      -9

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:55:56 +02:00
Denys Vlasenko
035e71578e readprofile: do not close/free just before exiting
function                                             old     new   delta
readprofile_main                                    1784    1762     -22

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:39:27 +02:00
Denys Vlasenko
277081e0a4 blkdiscard: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:20:47 +02:00
Denys Vlasenko
bf18239e3d blkid: make it NOEXEC, make FEATURE_BLKID_TYPE=y default
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:16:28 +02:00
Denys Vlasenko
86e07f6893 brctl: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:14:02 +02:00
Denys Vlasenko
ed7d118dd0 adjtimex: make it NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 20:00:21 +02:00
Denys Vlasenko
a894a4bedd raidautorun: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 19:08:46 +02:00
Denys Vlasenko
1b280e4652 loadfont,setfont: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 19:05:45 +02:00
Denys Vlasenko
5cb907fffc setconsole: make it NOEXEC
BTW, I failed to make it do what it meant to do.
ioctl appears to succeed, but kernel's output is not coming
to the specified console (tried on VT consoles too).
OTOH, setlogcons does work...

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:56:25 +02:00
Denys Vlasenko
b83db4ddae setkeycodes: make it NOEXEC, better --help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:29:25 +02:00
Denys Vlasenko
341ce0a31e setlogcons: make it NOEXEC, better --help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:17:58 +02:00
Denys Vlasenko
97b738d359 setserial: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 18:06:46 +02:00
Denys Vlasenko
2262746e2b slattach: code shrink, better --help text
function                                             old     new   delta
tcsetattr_serial_or_warn                               -      34     +34
static.int_N_SLIP                                      -       4      +4
restore_state_and_exit                               123     117      -6
packed_usage                                       31774   31747     -27
set_termios_state_or_warn                             42       -     -42
slattach_main                                        673     624     -49
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 0/3 up/down: 38/-124)           Total: -86 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 17:14:09 +02:00
Denys Vlasenko
a759b22c29 nameif: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 14:15:24 +02:00
Denys Vlasenko
9a58cc0f7f tunctl: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-06 12:28:00 +02:00
Denys Vlasenko
3239ab89c9 lspci,lsscsi,lsusb: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:28:19 +02:00
Denys Vlasenko
83a6c8d58b umount: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 23:21:02 +02:00
Denys Vlasenko
00c1811d87 pstree: make it NOEXEC
While at it, documet why ps can't be NOEXEC.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 22:25:00 +02:00
Denys Vlasenko
99125c0495 chattr,lsattr,tune2fs: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 20:38:04 +02:00
Denys Vlasenko
caf26b36f3 sysctl: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 18:23:10 +02:00
Denys Vlasenko
feb79e8742 cryptpw, mkpasswd: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:08:23 +02:00
Denys Vlasenko
ff53bee723 chvt, deallocvt, dumpkmap, fgconsole, loadkmap: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 02:02:31 +02:00
Denys Vlasenko
fdb92359e4 pivot_root: make it NOFORK
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:51:12 +02:00
Denys Vlasenko
9c49d6e11b partprobe: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:46:39 +02:00
Denys Vlasenko
a453ca576f sv, svc: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:42:08 +02:00
Denys Vlasenko
9f59849daa blockdev, fsfreeze, fstrim, mountpoint: make NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-05 01:29:12 +02:00
Denys Vlasenko
692eeb81a4 stty: make in NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 20:07:19 +02:00
Denys Vlasenko
5c527dc57e make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
The applets with "<applet> [opts] PROG ARGS" API very quickly exec
another program, noexec is okay for them:

 chpst/envdir/envuidgid/softlimit/setuidgid
 chroot
 chrt
 ionice
 nice
 nohup
 setarch/linux32/linux64
 taskset
 cttyhack

"reset" and "sulogin" applets don't have this form, but also exec
another program at once, thus made noexec too.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-04 19:55:01 +02:00