[PATCH v2 15/27] BB_EXECVP: make BB_EXECVP do NOEXEC logic and allow it to to force applet execution
Nadav Tasher
tashernadav at gmail.com
Wed Jan 22 11:10:19 UTC 2025
That's a very good observation!
I didn't know execvpe does that.
I do have two concern though:
1. When passing NULL to execvpe, it clears the environment,
which means that every call to BB_EXECVP would have no environment variables.
2. If I switch these two functions, I would still have to keep the clearenv() -> putenv()
loop, since I want to support the new FEATURE_FORCE_NOEXEC config.
What do you think?
On Wed, Jan 22, 2025 at 08:31:43PM +1000, David Leonard wrote:
>
>
> On Wed, 22 Jan 2025, Nadav Tasher wrote:
>
> > When FEATURE_FORCE_APPLETS is enabled, BB_EXECVP will
> > fail when trying to execute things that are not busybox
> > applets. This allows more control over the executed
> > processes.
> ...
> > +int FAST_FUNC BB_EXECVPE(const char *file, char *const argv[], char *const envp[])
> > +{
> > + clearenv();
> > + while (*envp)
> > + putenv(*envp++);
> > +
> > + return BB_EXECVP(file, argv);
> > +}
>
> BB_EXECVPE can return an error and leave the environ of the caller altered,
> which is a bit different to execvpe(). Maybe it can be switched around so that
> BB_EXECVP() calls BB_EXECVPE() with a null envp.
>
> This patchset is a very interesting feature, by the way.
More information about the busybox
mailing list