6 files changed, 10 insertions, 10 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 2fc280596..1d23ad962 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -69,7 +69,7 @@ chpasswd - runner (list of "user:password"s from stdin)
 chpst - noexec. spawner
 chroot - noexec. spawner
 chrt - noexec. spawner
-chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
 cksum - noexec. runner
 clear - NOFORK
 cmp - runner
@@ -85,7 +85,7 @@ cut - noexec. runner
 date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
 dc - runner (eats stdin if no params)
 dd - noexec. runner
-deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
 delgroup
 deluser
 depmod - complex, rare
@@ -100,7 +100,7 @@ dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
 dos2unix - noexec. runner
 dpkg - runner
 du - runner
-dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
 dumpleases - leaks: open+xread
 echo - NOFORK
 ed - interactive, longterm
@@ -120,7 +120,7 @@ fbsplash - runner, longterm
 fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
 fdformat - needs ^C (floppy may be unresponsive), longterm, rare
 fdisk - interactive, longterm
-fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
 fgrep - longterm runner ("CMD | fgrep ..."  may run indefinitely, better to exec to conserve memory)
 find - noexec. runner
 findfs - suid
@@ -195,7 +195,7 @@ linux64 - noexec. spawner
 linuxrc - daemon
 ln - noexec
 loadfont - leaks: config_open+bb_error_msg_and_die("map format")
-loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.
+loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
 logger - runner
 login - suid, interactive, longterm
 logname - NOFORK
diff --git a/console-tools/chvt.c b/console-tools/chvt.c
index d8152de6b..75380a90b 100644
--- a/console-tools/chvt.c
+++ b/console-tools/chvt.c
@@ -14,7 +14,7 @@
 //config:       This program is used to change to another terminal.
 //config:       Example: chvt 4 (change to terminal /dev/tty4)
-//applet:IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CHVT(APPLET_NOEXEC(chvt, chvt, BB_DIR_USR_BIN, BB_SUID_DROP, chvt))
 //kbuild:lib-$(CONFIG_CHVT) += chvt.o
diff --git a/console-tools/deallocvt.c b/console-tools/deallocvt.c
index 6ffb1471e..05731fb78 100644
--- a/console-tools/deallocvt.c
+++ b/console-tools/deallocvt.c
@@ -14,7 +14,7 @@
 //config:       help
 //config:       This program deallocates unused virtual consoles.
-//applet:IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_DEALLOCVT(APPLET_NOEXEC(deallocvt, deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP, deallocvt))
 //kbuild:lib-$(CONFIG_DEALLOCVT) += deallocvt.o
diff --git a/console-tools/dumpkmap.c b/console-tools/dumpkmap.c
index d4e2cf281..5ffb0cddb 100644
--- a/console-tools/dumpkmap.c
+++ b/console-tools/dumpkmap.c
@@ -15,7 +15,7 @@
 //config:       This program dumps the kernel's keyboard translation table to
 //config:       stdout, in binary format. You can then use loadkmap to load it.
-//applet:IF_DUMPKMAP(APPLET(dumpkmap, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_DUMPKMAP(APPLET_NOEXEC(dumpkmap, dumpkmap, BB_DIR_BIN, BB_SUID_DROP, dumpkmap))
 //kbuild:lib-$(CONFIG_DUMPKMAP) += dumpkmap.o
diff --git a/console-tools/fgconsole.c b/console-tools/fgconsole.c
index 64311f6ea..a353becd5 100644
--- a/console-tools/fgconsole.c
+++ b/console-tools/fgconsole.c
@@ -13,7 +13,7 @@
 //config:       help
 //config:       This program prints active (foreground) console number.
-//applet:IF_FGCONSOLE(APPLET(fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_FGCONSOLE(APPLET_NOEXEC(fgconsole, fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP, fgconsole))
 //kbuild:lib-$(CONFIG_FGCONSOLE) += fgconsole.o
diff --git a/console-tools/loadkmap.c b/console-tools/loadkmap.c
index 839dc2083..404aba1fb 100644
--- a/console-tools/loadkmap.c
+++ b/console-tools/loadkmap.c
@@ -14,7 +14,7 @@
 //config:       This program loads a keyboard translation table from
 //config:       standard input.
-//applet:IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_LOADKMAP(APPLET_NOEXEC(loadkmap, loadkmap, BB_DIR_SBIN, BB_SUID_DROP, loadkmap))
 //kbuild:lib-$(CONFIG_LOADKMAP) += loadkmap.o

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 2fc280596..1d23ad962 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst
@@ -69,7 +69,7 @@ chpasswd - runner (list of "user:password"s from stdin)
69	chpst - noexec. spawner	69	chpst - noexec. spawner
70	chroot - noexec. spawner	70	chroot - noexec. spawner
71	chrt - noexec. spawner	71	chrt - noexec. spawner
72	chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.	72	chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
73	cksum - noexec. runner	73	cksum - noexec. runner
74	clear - NOFORK	74	clear - NOFORK
75	cmp - runner	75	cmp - runner
@@ -85,7 +85,7 @@ cut - noexec. runner
85	date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)	85	date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
86	dc - runner (eats stdin if no params)	86	dc - runner (eats stdin if no params)
87	dd - noexec. runner	87	dd - noexec. runner
88	deallocvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.	88	deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
89	delgroup	89	delgroup
90	deluser	90	deluser
91	depmod - complex, rare	91	depmod - complex, rare
@@ -100,7 +100,7 @@ dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
100	dos2unix - noexec. runner	100	dos2unix - noexec. runner
101	dpkg - runner	101	dpkg - runner
102	du - runner	102	du - runner
103	dumpkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.	103	dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
104	dumpleases - leaks: open+xread	104	dumpleases - leaks: open+xread
105	echo - NOFORK	105	echo - NOFORK
106	ed - interactive, longterm	106	ed - interactive, longterm
@@ -120,7 +120,7 @@ fbsplash - runner, longterm
120	fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare	120	fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
121	fdformat - needs ^C (floppy may be unresponsive), longterm, rare	121	fdformat - needs ^C (floppy may be unresponsive), longterm, rare
122	fdisk - interactive, longterm	122	fdisk - interactive, longterm
123	fgconsole - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.	123	fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
124	fgrep - longterm runner ("CMD \| fgrep ..." may run indefinitely, better to exec to conserve memory)	124	fgrep - longterm runner ("CMD \| fgrep ..." may run indefinitely, better to exec to conserve memory)
125	find - noexec. runner	125	find - noexec. runner
126	findfs - suid	126	findfs - suid
@@ -195,7 +195,7 @@ linux64 - noexec. spawner
195	linuxrc - daemon	195	linuxrc - daemon
196	ln - noexec	196	ln - noexec
197	loadfont - leaks: config_open+bb_error_msg_and_die("map format")	197	loadfont - leaks: config_open+bb_error_msg_and_die("map format")
198	loadkmap - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. noexec candidate.	198	loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
199	logger - runner	199	logger - runner
200	login - suid, interactive, longterm	200	login - suid, interactive, longterm
201	logname - NOFORK	201	logname - NOFORK


diff --git a/console-tools/chvt.c b/console-tools/chvt.c index d8152de6b..75380a90b 100644 --- a/console-tools/chvt.c +++ b/console-tools/chvt.c
@@ -14,7 +14,7 @@
14	//config: This program is used to change to another terminal.	14	//config: This program is used to change to another terminal.
15	//config: Example: chvt 4 (change to terminal /dev/tty4)	15	//config: Example: chvt 4 (change to terminal /dev/tty4)
16		16
17	//applet:IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP))	17	//applet:IF_CHVT(APPLET_NOEXEC(chvt, chvt, BB_DIR_USR_BIN, BB_SUID_DROP, chvt))
18		18
19	//kbuild:lib-$(CONFIG_CHVT) += chvt.o	19	//kbuild:lib-$(CONFIG_CHVT) += chvt.o
20		20


diff --git a/console-tools/deallocvt.c b/console-tools/deallocvt.c index 6ffb1471e..05731fb78 100644 --- a/console-tools/deallocvt.c +++ b/console-tools/deallocvt.c
@@ -14,7 +14,7 @@
14	//config: help	14	//config: help
15	//config: This program deallocates unused virtual consoles.	15	//config: This program deallocates unused virtual consoles.
16		16
17	//applet:IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP))	17	//applet:IF_DEALLOCVT(APPLET_NOEXEC(deallocvt, deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP, deallocvt))
18		18
19	//kbuild:lib-$(CONFIG_DEALLOCVT) += deallocvt.o	19	//kbuild:lib-$(CONFIG_DEALLOCVT) += deallocvt.o
20		20


diff --git a/console-tools/dumpkmap.c b/console-tools/dumpkmap.c index d4e2cf281..5ffb0cddb 100644 --- a/console-tools/dumpkmap.c +++ b/console-tools/dumpkmap.c
@@ -15,7 +15,7 @@
15	//config: This program dumps the kernel's keyboard translation table to	15	//config: This program dumps the kernel's keyboard translation table to
16	//config: stdout, in binary format. You can then use loadkmap to load it.	16	//config: stdout, in binary format. You can then use loadkmap to load it.
17		17
18	//applet:IF_DUMPKMAP(APPLET(dumpkmap, BB_DIR_BIN, BB_SUID_DROP))	18	//applet:IF_DUMPKMAP(APPLET_NOEXEC(dumpkmap, dumpkmap, BB_DIR_BIN, BB_SUID_DROP, dumpkmap))
19		19
20	//kbuild:lib-$(CONFIG_DUMPKMAP) += dumpkmap.o	20	//kbuild:lib-$(CONFIG_DUMPKMAP) += dumpkmap.o
21		21


diff --git a/console-tools/fgconsole.c b/console-tools/fgconsole.c index 64311f6ea..a353becd5 100644 --- a/console-tools/fgconsole.c +++ b/console-tools/fgconsole.c
@@ -13,7 +13,7 @@
13	//config: help	13	//config: help
14	//config: This program prints active (foreground) console number.	14	//config: This program prints active (foreground) console number.
15		15
16	//applet:IF_FGCONSOLE(APPLET(fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP))	16	//applet:IF_FGCONSOLE(APPLET_NOEXEC(fgconsole, fgconsole, BB_DIR_USR_BIN, BB_SUID_DROP, fgconsole))
17		17
18	//kbuild:lib-$(CONFIG_FGCONSOLE) += fgconsole.o	18	//kbuild:lib-$(CONFIG_FGCONSOLE) += fgconsole.o
19		19


diff --git a/console-tools/loadkmap.c b/console-tools/loadkmap.c index 839dc2083..404aba1fb 100644 --- a/console-tools/loadkmap.c +++ b/console-tools/loadkmap.c
@@ -14,7 +14,7 @@
14	//config: This program loads a keyboard translation table from	14	//config: This program loads a keyboard translation table from
15	//config: standard input.	15	//config: standard input.
16		16
17	//applet:IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP))	17	//applet:IF_LOADKMAP(APPLET_NOEXEC(loadkmap, loadkmap, BB_DIR_SBIN, BB_SUID_DROP, loadkmap))
18		18
19	//kbuild:lib-$(CONFIG_LOADKMAP) += loadkmap.o	19	//kbuild:lib-$(CONFIG_LOADKMAP) += loadkmap.o
20		20