diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-04 17:59:46 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-04 17:59:46 +0200 |
| commit | 83d7785e413bbfc4c639c855a6e47f64bdc5da9a (patch) | |
| tree | be2cb6035dbf4f1c316893d41560587cd2a8d85e /NOFORK_NOEXEC.lst | |
| parent | 6bec24c4f5a2c853c10fd59a56d0d197b5e5fd64 (diff) | |
| download | busybox-w32-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.tar.gz busybox-w32-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.tar.bz2 busybox-w32-83d7785e413bbfc4c639c855a6e47f64bdc5da9a.zip | |
runlevel: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'NOFORK_NOEXEC.lst')
| -rw-r--r-- | NOFORK_NOEXEC.lst | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 90c802b2a..d6959e363 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst | |||
| @@ -66,21 +66,21 @@ chgrp - noexec. runner | |||
| 66 | chmod - noexec. runner | 66 | chmod - noexec. runner |
| 67 | chown - noexec. runner | 67 | chown - noexec. runner |
| 68 | chpasswd - runner (list of "user:password"s from stdin) | 68 | chpasswd - runner (list of "user:password"s from stdin) |
| 69 | chpst - spawner | 69 | chpst - noexec candidate, spawner |
| 70 | chroot - spawner | 70 | chroot - noexec candidate, spawner |
| 71 | chrt - spawner | 71 | chrt - noexec candidate, spawner |
| 72 | chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. | 72 | chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec. |
| 73 | cksum - noexec. runner | 73 | cksum - noexec. runner |
| 74 | clear - NOFORK | 74 | clear - NOFORK |
| 75 | cmp - runner | 75 | cmp - runner |
| 76 | comm - runner | 76 | comm - runner |
| 77 | conspy - interactive | 77 | conspy - interactive, longterm |
| 78 | cp - noexec. runner | 78 | cp - noexec. runner |
| 79 | cpio - runner | 79 | cpio - runner |
| 80 | crond - daemon | 80 | crond - daemon |
| 81 | crontab | 81 | crontab |
| 82 | cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. | 82 | cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec. |
| 83 | cttyhack - spawner | 83 | cttyhack - noexec candidate, spawner |
| 84 | cut - noexec. runner | 84 | cut - noexec. runner |
| 85 | date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) | 85 | date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf) |
| 86 | dc - runner (eats stdin if no params) | 86 | dc - runner (eats stdin if no params) |
| @@ -90,7 +90,7 @@ delgroup | |||
| 90 | deluser | 90 | deluser |
| 91 | depmod - complex, rare | 91 | depmod - complex, rare |
| 92 | devmem - runner, complex (access to device memory may hang) | 92 | devmem - runner, complex (access to device memory may hang) |
| 93 | df - complex (nested allocs) | 93 | df - leaks: nested allocs |
| 94 | dhcprelay - daemon | 94 | dhcprelay - daemon |
| 95 | diff - runner | 95 | diff - runner |
| 96 | dirname - NOFORK | 96 | dirname - NOFORK |
| @@ -106,15 +106,15 @@ echo - NOFORK | |||
| 106 | ed - interactive, longterm | 106 | ed - interactive, longterm |
| 107 | egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) | 107 | egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory) |
| 108 | eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds) | 108 | eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds) |
| 109 | env - noexec. changes state (env) | 109 | env - noexec. spawner, changes state (env) |
| 110 | envdir - spawner | 110 | envdir - noexec candidate, spawner |
| 111 | envuidgid - spawner | 111 | envuidgid - noexec candidate, spawner |
| 112 | expand - runner | 112 | expand - runner |
| 113 | expr - complex (nested allocs) | 113 | expr - leaks: nested allocs |
| 114 | factor - runner (eats stdin if no params) | 114 | factor - runner (eats stdin if no params) |
| 115 | fakeidentd - daemon | 115 | fakeidentd - daemon |
| 116 | false - NOFORK | 116 | false - NOFORK |
| 117 | fatattr - complex (xopen+xioctl can leak fd) | 117 | fatattr - leaks: open+xioctl, complex |
| 118 | fbset - leaks: open+xfunc, complex, rare | 118 | fbset - leaks: open+xfunc, complex, rare |
| 119 | fbsplash - runner, longterm | 119 | fbsplash - runner, longterm |
| 120 | fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare | 120 | fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare |
| @@ -134,14 +134,14 @@ free - nofork candidate(struct globals, needs to close /proc/meminfo fd) | |||
| 134 | freeramdisk - leaks: open+ioctl_or_perror_and_die | 134 | freeramdisk - leaks: open+ioctl_or_perror_and_die |
| 135 | fsck - interactive, longterm | 135 | fsck - interactive, longterm |
| 136 | fsck.minix | 136 | fsck.minix |
| 137 | fsfreeze | 137 | fsfreeze - noexec candidate (it's very simple), leaks: open+xioctl |
| 138 | fstrim | 138 | fstrim - noexec candidate (it's very simple), leaks: open+xioctl |
| 139 | fsync - NOFORK | 139 | fsync - NOFORK |
| 140 | ftpd - daemon | 140 | ftpd - daemon |
| 141 | ftpget - runner | 141 | ftpget - runner |
| 142 | ftpput - runner | 142 | ftpput - runner |
| 143 | fuser - complex | 143 | fuser - complex |
| 144 | getopt - noexec. complex (many allocs) | 144 | getopt - noexec. leaks: many allocs |
| 145 | getty - interactive, longterm | 145 | getty - interactive, longterm |
| 146 | grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory) | 146 | grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory) |
| 147 | groups - noexec | 147 | groups - noexec |
| @@ -156,7 +156,7 @@ hostid - NOFORK | |||
| 156 | hostname - DNS resolution may trigger, need ^C | 156 | hostname - DNS resolution may trigger, need ^C |
| 157 | httpd - daemon | 157 | httpd - daemon |
| 158 | hush - interactive, longterm | 158 | hush - interactive, longterm |
| 159 | hwclock | 159 | hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C |
| 160 | i2cdetect | 160 | i2cdetect |
| 161 | i2cdump | 161 | i2cdump |
| 162 | i2cget | 162 | i2cget |
| @@ -293,9 +293,9 @@ rmmod - noexec | |||
| 293 | route | 293 | route |
| 294 | rpm - runner | 294 | rpm - runner |
| 295 | rpm2cpio - runner | 295 | rpm2cpio - runner |
| 296 | rtcwake - complex, rare | 296 | rtcwake - puts system to sleep, optimizing this for speed is pointless |
| 297 | run-parts | 297 | run-parts |
| 298 | runlevel | 298 | runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother? |
| 299 | runsv - daemon | 299 | runsv - daemon |
| 300 | runsvdir - daemon | 300 | runsvdir - daemon |
| 301 | rx - runner | 301 | rx - runner |
| @@ -400,10 +400,10 @@ vlock - suid | |||
| 400 | volname - runner | 400 | volname - runner |
| 401 | w | 401 | w |
| 402 | wall - suid | 402 | wall - suid |
| 403 | watch - runner | 403 | watch - longterm |
| 404 | watchdog - daemon | 404 | watchdog - daemon |
| 405 | wc - runner | 405 | wc - runner |
| 406 | wget - runner | 406 | wget - longterm |
| 407 | which - NOFORK | 407 | which - NOFORK |
| 408 | who | 408 | who |
| 409 | whoami - NOFORK | 409 | whoami - NOFORK |