[git commit] mv: make it NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Sun Jan 14 13:41:52 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=88663e481f3284225ea0ceaf97f3904adedb21a2
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst | 4 ++--
 coreutils/cp.c    | 1 +
 coreutils/mv.c    | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 21a3b41..055f9fb 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -89,7 +89,7 @@ clear - NOFORK
 cmp - runner
 comm - runner
 conspy - interactive, longterm
-cp - noexec. runner
+cp - noexec. sometimes runner
 cpio - runner
 crond - daemon
 crontab - longterm (runs $EDITOR), leaks: open+xasprintf
@@ -255,7 +255,7 @@ mount - suid
 mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
 mpstat - longterm: "mpstat 1" runs indefinitely
 mt - hardware
-mv - noexec candidate, runner
+mv - noexec. sometimes runner
 nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
 nbd-client - noexec
 nc - runner
diff --git a/coreutils/cp.c b/coreutils/cp.c
index 5b34c27..05c725c 100644
--- a/coreutils/cp.c
+++ b/coreutils/cp.c
@@ -26,6 +26,7 @@
 //config:	Also add support for --parents option.
 
 //applet:IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
+/* NOEXEC despite cases when it can be a "runner" (cp -r LARGE_DIR NEW_DIR) */
 
 //kbuild:lib-$(CONFIG_CP) += cp.o
 
diff --git a/coreutils/mv.c b/coreutils/mv.c
index 10cbc50..aeafd1e 100644
--- a/coreutils/mv.c
+++ b/coreutils/mv.c
@@ -17,7 +17,8 @@
 //config:	help
 //config:	mv is used to move or rename files or directories.
 
-//applet:IF_MV(APPLET(mv, BB_DIR_BIN, BB_SUID_DROP))
+//applet:IF_MV(APPLET_NOEXEC(mv, mv, BB_DIR_BIN, BB_SUID_DROP, mv))
+/* NOEXEC despite cases when it can be a "runner" (mv LARGE_DIR OTHER_FS) */
 
 //kbuild:lib-$(CONFIG_MV) += mv.o
 


More information about the busybox-cvs mailing list