[git commit] raidautorun: make it NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Sun Aug 6 17:08:46 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=a894a4beddf9c132556b001925ea3e8e0881e273
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst       | 4 ++--
 miscutils/raidautorun.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 3a30af0..99af243 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -274,7 +274,7 @@ pscan - longterm
 pstree - noexec
 pwd - NOFORK
 pwdx - NOFORK
-raidautorun
+raidautorun - noexec. very simple. leaks: open+xioctl
 rdate - needs ^C (may talk to DNS servers, which may be down)
 rdev - leaks: find_block_device -> readdir+xstrdup
 readlink - NOFORK
@@ -294,7 +294,7 @@ route - needs ^C (may talk to DNS servers, which may be down)
 rpm - runner
 rpm2cpio - runner
 rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
-run-parts
+run-parts - longterm
 runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
 runsv - daemon
 runsvdir - daemon
diff --git a/miscutils/raidautorun.c b/miscutils/raidautorun.c
index ecedf9c..caf6e08 100644
--- a/miscutils/raidautorun.c
+++ b/miscutils/raidautorun.c
@@ -15,7 +15,7 @@
 //config:	raidautorun tells the kernel md driver to
 //config:	search and start RAID arrays.
 
-//applet:IF_RAIDAUTORUN(APPLET(raidautorun, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_RAIDAUTORUN(APPLET_NOEXEC(raidautorun, raidautorun, BB_DIR_SBIN, BB_SUID_DROP, raidautorun))
 
 //kbuild:lib-$(CONFIG_RAIDAUTORUN) += raidautorun.o
 


More information about the busybox-cvs mailing list