aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-08-04 02:56:39 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-08-04 02:56:39 +0200
commit3346b4afc5c81d53eae4e7fc7e12ebd6fa573a4e (patch)
treee33011f2b34b79a7c974f0aefc13b9a72378e811
parent4dc86699b57ff35c287ca396d562ec206776694a (diff)
downloadbusybox-w32-3346b4afc5c81d53eae4e7fc7e12ebd6fa573a4e.tar.gz
busybox-w32-3346b4afc5c81d53eae4e7fc7e12ebd6fa573a4e.tar.bz2
busybox-w32-3346b4afc5c81d53eae4e7fc7e12ebd6fa573a4e.zip
modutils: make them NOEXEC except depmod
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat
-rw-r--r--NOFORK_NOEXEC.lst10
-rw-r--r--modutils/insmod.c2
-rw-r--r--modutils/lsmod.c2
-rw-r--r--modutils/modinfo.c2
-rw-r--r--modutils/modprobe-small.c15
-rw-r--r--modutils/modprobe.c2
-rw-r--r--modutils/rmmod.c2
7 files changed, 19 insertions, 16 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 9fcef7823..12ae1cd55 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -156,7 +156,7 @@ ifplugd - daemon
156inetd - daemon 156inetd - daemon
157init - daemon 157init - daemon
158inotifyd - daemon 158inotifyd - daemon
159insmod 159insmod - noexec
160install - runner 160install - runner
161ionice - spawner 161ionice - spawner
162iostat - runner 162iostat - runner
@@ -193,7 +193,7 @@ lpq - runner
193lpr - runner 193lpr - runner
194ls - noexec. runner 194ls - noexec. runner
195lsattr 195lsattr
196lsmod 196lsmod - noexec
197lsof - complex 197lsof - complex
198lspci 198lspci
199lsscsi 199lsscsi
@@ -220,8 +220,8 @@ mknod - noexec
220mkpasswd 220mkpasswd
221mkswap 221mkswap
222mktemp 222mktemp
223modinfo 223modinfo - noexec
224modprobe 224modprobe - noexec
225more - interactive 225more - interactive
226mount - suid 226mount - suid
227mountpoint 227mountpoint
@@ -277,7 +277,7 @@ resize - noexec. changes state (signal handlers)
277rev - runner 277rev - runner
278rm - noexec. rm -i interactive 278rm - noexec. rm -i interactive
279rmdir - NOFORK 279rmdir - NOFORK
280rmmod 280rmmod - noexec
281route 281route
282rpm - runner 282rpm - runner
283rpm2cpio - runner 283rpm2cpio - runner
diff --git a/modutils/insmod.c b/modutils/insmod.c
index b8ede8a81..4dc0b6608 100644
--- a/modutils/insmod.c
+++ b/modutils/insmod.c
@@ -13,7 +13,7 @@
13//config: help 13//config: help
14//config: insmod is used to load specified modules in the running kernel. 14//config: insmod is used to load specified modules in the running kernel.
15 15
16//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET(insmod, BB_DIR_SBIN, BB_SUID_DROP))) 16//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(insmod, insmod, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
17 17
18//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) 18//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
19//kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o 19//kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o
diff --git a/modutils/lsmod.c b/modutils/lsmod.c
index 4bf8f8481..84860cd79 100644
--- a/modutils/lsmod.c
+++ b/modutils/lsmod.c
@@ -23,7 +23,7 @@
23//config: the format of module-init-tools for Linux kernel 2.6. 23//config: the format of module-init-tools for Linux kernel 2.6.
24//config: Increases size somewhat. 24//config: Increases size somewhat.
25 25
26//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP))) 26//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod)))
27 27
28//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) 28//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
29//kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o 29//kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o
diff --git a/modutils/modinfo.c b/modutils/modinfo.c
index 371c93991..0f1d3ee47 100644
--- a/modutils/modinfo.c
+++ b/modutils/modinfo.c
@@ -12,7 +12,7 @@
12//config: help 12//config: help
13//config: Show information about a Linux Kernel module 13//config: Show information about a Linux Kernel module
14 14
15//applet:IF_MODINFO(APPLET(modinfo, BB_DIR_SBIN, BB_SUID_DROP)) 15//applet:IF_MODINFO(APPLET_NOEXEC(modinfo, modinfo, BB_DIR_SBIN, BB_SUID_DROP, modinfo))
16 16
17//kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o 17//kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o
18 18
diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c
index 053a7df89..cd4f554f3 100644
--- a/modutils/modprobe-small.c
+++ b/modutils/modprobe-small.c
@@ -11,12 +11,15 @@
11/* modprobe-small configs are defined in Config.src to ensure better 11/* modprobe-small configs are defined in Config.src to ensure better
12 * "make config" order */ 12 * "make config" order */
13 13
14//applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP))) 14//applet:IF_LSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod )))
15//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP))) 15//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET_NOEXEC( modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
16// APPLET_ODDNAME:name main location suid_type help 16// APPLET_ODDNAME:name main location suid_type help
17//applet:IF_DEPMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod))) 17//applet:IF_DEPMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod )))
18//applet:IF_INSMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod))) 18//applet:IF_INSMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod )))
19//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod))) 19//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_NOEXEC( rmmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod )))
20/* noexec speeds up boot with many modules loaded (need SH_STANDALONE=y) */
21/* I measured about ~5 times faster insmod */
22/* depmod is not noexec, it runs longer and benefits from memory trimming via exec */
20 23
21//kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o 24//kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o
22 25
diff --git a/modutils/modprobe.c b/modutils/modprobe.c
index 1a7db09f2..e899935c4 100644
--- a/modutils/modprobe.c
+++ b/modutils/modprobe.c
@@ -26,7 +26,7 @@
26//config: hardware autodetection scripts to load modules like evdev, frame 26//config: hardware autodetection scripts to load modules like evdev, frame
27//config: buffer drivers etc. 27//config: buffer drivers etc.
28 28
29//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP))) 29//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
30 30
31//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) 31//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
32//kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o 32//kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o
diff --git a/modutils/rmmod.c b/modutils/rmmod.c
index d60e49413..df50e58af 100644
--- a/modutils/rmmod.c
+++ b/modutils/rmmod.c
@@ -14,7 +14,7 @@
14//config: help 14//config: help
15//config: rmmod is used to unload specified modules from the kernel. 15//config: rmmod is used to unload specified modules from the kernel.
16 16
17//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET(rmmod, BB_DIR_SBIN, BB_SUID_DROP))) 17//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(rmmod, rmmod, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
18 18
19//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y) 19//kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
20//kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o 20//kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 15:44:02 +0000