[PATCH v10 14/15] libbb: allow forcing all applets to behave as NOEXEC applets

[Nadav Tasher]

This patch adds an experimental configuration option to allow the
applet_execvpe function to treat all applets as if they were NOEXEC.

This is experimental, as noted in the configuration description.

Signed-off-by: Nadav Tasher <tashernadav at gmail.com>
---
 Config.in          | 12 ++++++++++++
 libbb/executable.c |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/Config.in b/Config.in
index b1dfe98c1..b21940b04 100644
--- a/Config.in
+++ b/Config.in
@@ -320,6 +320,18 @@ config FEATURE_FORCE_APPLETS
 
 	This feature extends the "exec prefers applets" feature.
 
+config FEATURE_ALWAYS_NOEXEC
+	bool "all applets support NOEXEC (experimental)"
+	default n
+	depends on FEATURE_PREFER_APPLETS && !NOMMU
+	help
+	This is an experimental option which makes all applets support NOEXEC
+	invocation.
+	There are good reasons for why applets are not marked as NOEXEC,
+	but for some usecases these reasons do not apply.
+
+	This feature extends the "exec prefers applets" feature.
+
 config BUSYBOX_EXEC_PATH
 	string "Path to busybox executable"
 	default "/proc/self/exe"
diff --git a/libbb/executable.c b/libbb/executable.c
index dcd2613f0..d5a941a46 100644
--- a/libbb/executable.c
+++ b/libbb/executable.c
@@ -88,7 +88,7 @@ int FAST_FUNC applet_execve(const char *name, char *const argv[], char *const en
 		 * since vfork() requires the child to exec() or _exit() for the
 		 * parent to resume, running applets with NOEXEC and vfork()
 		 * may result in deadlocks, as exec() will never be called. */
-		if (BB_MMU && APPLET_IS_NOEXEC(applet)) {
+		if (BB_MMU && (ENABLE_FEATURE_ALWAYS_NOEXEC || APPLET_IS_NOEXEC(applet))) {
 			/* since run_noexec_applet_and_exit takes char **argv,
 			 * we need to copy argv to a new heap-allocated array. */
 			char **copied_argv = clone_string_array(argv);
-- 
2.34.1