[git commit] add/remove-shell, add/deluser, add/delgroup: make them NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Sun Aug 6 22:28:15 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=7b8372b81926ef6aa8d91945a95261bbb93d0b9e
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst             | 12 ++++++------
 loginutils/add-remove-shell.c |  7 ++++---
 loginutils/addgroup.c         |  2 +-
 loginutils/adduser.c          |  2 +-
 loginutils/deluser.c          |  5 +++--
 5 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 9c8df23..ac04f75 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -36,9 +36,9 @@ IOW: rm is "interactive", but not "longterm".
 [ - NOFORK
 [[ - NOFORK
 acpid - daemon
-add-shell
-addgroup
-adduser
+add-shell - noexec. leaks: open+xfunc
+addgroup - noexec. leaks
+adduser - noexec. leaks
 adjtimex - NOFORK
 ar - runner
 arch - NOFORK
@@ -86,8 +86,8 @@ date - noexec. nofork candidate(needs to stop messing up env, free xasprintf res
 dc - runner (eats stdin if no params)
 dd - noexec. runner
 deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
-delgroup
-deluser
+delgroup - noexec. leaks
+deluser - noexec. leaks
 depmod - complex, rare
 devmem - runner, complex (access to device memory may hang)
 df - leaks: nested allocs
@@ -282,7 +282,7 @@ readprofile - reads /boot/System.map and /proc/profile, better to free more memo
 realpath - NOFORK
 reboot - rare
 reformime - runner
-remove-shell
+remove-shell - noexec. leaks: open+xfunc
 renice - nofork candidate(uses getpwnam, is that ok?)
 reset - noexec. spawner (execs "stty")
 resize - noexec. changes state (signal handlers)
diff --git a/loginutils/add-remove-shell.c b/loginutils/add-remove-shell.c
index 750b44b..6d03de2 100644
--- a/loginutils/add-remove-shell.c
+++ b/loginutils/add-remove-shell.c
@@ -19,9 +19,9 @@
 //config:	help
 //config:	Remove shells from /etc/shells.
 
-//                       APPLET_ODDNAME:name          main              location         suid_type     help
-//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
-//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
+//                       APPLET_NOEXEC:name          main              location         suid_type     help
+//applet:IF_ADD_SHELL(   APPLET_NOEXEC(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
+//applet:IF_REMOVE_SHELL(APPLET_NOEXEC(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
 
 //kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
 //kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
@@ -64,6 +64,7 @@ int add_remove_shell_main(int argc UNUSED_PARAM, char **argv)
 	if (orig_fp)
 		xfstat(fileno(orig_fp), &sb, orig_fn);
 
+
 	new_fn = xasprintf("%s.tmp", orig_fn);
 	/*
 	 * O_TRUNC or O_EXCL? At the first glance, O_EXCL looks better,
diff --git a/loginutils/addgroup.c b/loginutils/addgroup.c
index b197fc1..30f7e72 100644
--- a/loginutils/addgroup.c
+++ b/loginutils/addgroup.c
@@ -29,7 +29,7 @@
 //config:	addgroup will add an existing user to an
 //config:	existing group.
 
-//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_ADDGROUP(APPLET_NOEXEC(addgroup, addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP, addgroup))
 
 //kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o
 
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index ef18278..913dbaf 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -53,7 +53,7 @@
 //config:	help
 //config:	Last valid system uid or gid for adduser and addgroup
 
-//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_ADDUSER(APPLET_NOEXEC(adduser, adduser, BB_DIR_USR_SBIN, BB_SUID_DROP, adduser))
 
 //kbuild:lib-$(CONFIG_ADDUSER) += adduser.o
 
diff --git a/loginutils/deluser.c b/loginutils/deluser.c
index 3b6bd95..f5bc3c2 100644
--- a/loginutils/deluser.c
+++ b/loginutils/deluser.c
@@ -28,8 +28,9 @@
 //config:	If called with two non-option arguments, deluser
 //config:	or delgroup will remove an user from a specified group.
 
-//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
-//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
+//                   APPLET_NOEXEC:name      main     location         suid_type     help
+//applet:IF_DELUSER( APPLET_NOEXEC(deluser,  deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, deluser))
+//applet:IF_DELGROUP(APPLET_NOEXEC(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
 
 //kbuild:lib-$(CONFIG_DELUSER) += deluser.o
 //kbuild:lib-$(CONFIG_DELGROUP) += deluser.o


More information about the busybox-cvs mailing list