[git commit] losetup: make NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Mon Aug 7 21:14:49 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=ae84418d269ea44a710b9effa6d64b6334208973
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst    | 8 ++++----
 util-linux/losetup.c | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index d7e60b4..a8823be 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -165,8 +165,8 @@ i2cdump - hardware
 i2cget - hardware
 i2cset - hardware
 id - noexec
-ifconfig - leaks: xsocket+ioctl_or_perror_and_die
-ifenslave - leaks: xsocket+bb_perror_msg_and_die
+ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die
+ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die
 ifplugd - daemon
 inetd - daemon
 init - daemon
@@ -202,7 +202,7 @@ loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return o
 logger - runner
 login - suid, interactive, longterm
 logname - NOFORK
-losetup - complex
+losetup - noexec. complex
 lpd - daemon
 lpq - runner
 lpr - runner
@@ -400,7 +400,7 @@ uuencode - runner
 vconfig - leaks: xsocket+ioctl_or_perror_and_die
 vi - interactive, longterm
 vlock - suid
-volname - runner
+volname - hardware (reads CDROM, this can take long-ish if need to spin up)
 w - noexec. nofork candidate(is getutxent ok?)
 wall - suid
 watch - longterm
diff --git a/util-linux/losetup.c b/util-linux/losetup.c
index c608de6..2f7dc10 100644
--- a/util-linux/losetup.c
+++ b/util-linux/losetup.c
@@ -15,9 +15,9 @@
 //config:	file or block device, and to query the status of a loop device. This
 //config:	version does not currently support enabling data encryption.
 
-//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o
+//applet:IF_LOSETUP(APPLET_NOEXEC(losetup, losetup, BB_DIR_SBIN, BB_SUID_DROP, losetup))
 
-//applet:IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_LOSETUP) += losetup.o
 
 //usage:#define losetup_trivial_usage
 //usage:       "[-r] [-o OFS] {-f|LOOPDEV} FILE - associate loop devices\n"
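Review bot: The switch to `APPLET_NOEXEC` on the `//applet:` line is made without any comment in losetup.c recording why losetup qualifies, and the matching NOFORK_NOEXEC.lst entry still labels it "complex". As a NOEXEC applet, its main can be entered in a forked child of the calling shell instead of after a fresh exec, so it starts with the caller's open descriptors and already-initialized globals while acting on loop devices. I would add a line above the applet declaration such as `// NOEXEC: short-lived, non-interactive; must not assume zeroed globals or a clean fd table at entry`. losetup_main is outside this hunk, so whether it actually meets that requirement (including the option-parsing state) cannot be confirmed from here and should be checked before relying on the new classification.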

