blob: ab58df50d16b88fb8437e9e06a33060cba3aac2b [file] [log] [blame]
Denys Vlasenko819b47a2017-08-03 03:29:32 +02001Why an applet can't be NOFORK or NOEXEC?
2
3Why can't be NOFORK:
Denys Vlasenko819b47a2017-08-03 03:29:32 +02004interactive: may wait for user input, ^C has to work
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +02005spawner: "tool PROG ARGS" which changes program state and execs - must fork
Denys Vlasenko819b47a2017-08-03 03:29:32 +02006changes state: e.g. environment, signal handlers
Denys Vlasenko49e6bf22017-08-04 14:28:16 +02007alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
8open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +02009leaks: does not free allocated memory or opened fds
Denys Vlasenko39194f02017-08-03 19:00:01 +020010runner: sometimes may run for long(ish) time, and/or works with network:
Denys Vlasenko819b47a2017-08-03 03:29:32 +020011 ^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
12
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +020013"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
Denys Vlasenko74c05f52017-08-04 17:36:16 +020014need to be inspected that they do not fall into alloc+xfunc, open+xfunc,
15leak categories.
Denys Vlasenko819b47a2017-08-03 03:29:32 +020016
17Why can't be NOEXEC:
18suid: runs under different uid - must fork+exec
19
20Why shouldn't be NOFORK/NOEXEC:
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +020021rare: not started often enough to bother optimizing (example: poweroff)
22daemon: runs indefinitely; these are also always fit "rare" category
Denys Vlasenko5c527dc2017-08-04 19:55:01 +020023longterm: often runs for a long time (many seconds), execing makes
Denys Vlasenko39194f02017-08-03 19:00:01 +020024 memory footprint smaller
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +020025complex: no immediately obvious reason why NOFORK wouldn't work,
Denys Vlasenko74c05f52017-08-04 17:36:16 +020026 but does some non-obvoius operations (example: fuser, lsof, losetup);
27 detailed audit often turns out that it's a leaker
28
29Interesting example of "interactive" applet which is nevertheless can be
30(and is) NOEXEC is "rm". Yes, "rm -i" is interactive - but it's not that typical
31for users to keep it waiting for many minutes, whereas running "rm" in shell
32is very typical, and speeding up this common use via NOEXEC is useful.
33IOW: rm is "interactive", but not "longterm".
34
Denys Vlasenko819b47a2017-08-03 03:29:32 +020035
36[ - NOFORK
37[[ - NOFORK
38acpid - daemon
39add-shell
40addgroup
41adduser
Denys Vlasenkoed7d1182017-08-06 20:00:21 +020042adjtimex - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +020043ar - runner
44arch - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +020045arp - complex, rare
Denys Vlasenko819b47a2017-08-03 03:29:32 +020046arping - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +020047ash - interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +020048awk - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +020049base64 - runner
50basename - NOFORK
51beep
Denys Vlasenko277081e2017-08-06 20:20:47 +020052blkdiscard - noexec. leaks: open+xioctl
Denys Vlasenkobf182392017-08-06 20:16:28 +020053blkid - noexec
Denys Vlasenko9f598492017-08-05 01:29:12 +020054blockdev - noexec. leaks fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +020055bootchartd - daemon
Denys Vlasenko86e07f62017-08-06 20:14:02 +020056brctl - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +020057bunzip2 - runner
58busybox
59bzcat - runner
60bzip2 - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +020061cal - runner: cal -n9999
Denys Vlasenko819b47a2017-08-03 03:29:32 +020062cat - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +020063chat - needs ^C to work
Denys Vlasenko99125c02017-08-05 20:38:04 +020064chattr - noexec. runner
Denys Vlasenko39194f02017-08-03 19:00:01 +020065chgrp - noexec. runner
66chmod - noexec. runner
67chown - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +020068chpasswd - runner (list of "user:password"s from stdin)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +020069chpst - noexec. spawner
70chroot - noexec. spawner
71chrt - noexec. spawner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +020072chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko39194f02017-08-03 19:00:01 +020073cksum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +020074clear - NOFORK
75cmp - runner
76comm - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +020077conspy - interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +020078cp - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +020079cpio - runner
80crond - daemon
Denys Vlasenko22627462017-08-06 17:14:09 +020081crontab - longterm (runs $EDITOR), leaks: open+xasprintf
Denys Vlasenkofeb79e82017-08-05 02:08:23 +020082cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko5c527dc2017-08-04 19:55:01 +020083cttyhack - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +020084cut - noexec. runner
85date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
Denys Vlasenko819b47a2017-08-03 03:29:32 +020086dc - runner (eats stdin if no params)
Denys Vlasenko39194f02017-08-03 19:00:01 +020087dd - noexec. runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +020088deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko819b47a2017-08-03 03:29:32 +020089delgroup
90deluser
Denys Vlasenko74c05f52017-08-04 17:36:16 +020091depmod - complex, rare
Denys Vlasenko39194f02017-08-03 19:00:01 +020092devmem - runner, complex (access to device memory may hang)
Denys Vlasenko83d77852017-08-04 17:59:46 +020093df - leaks: nested allocs
Denys Vlasenko819b47a2017-08-03 03:29:32 +020094dhcprelay - daemon
95diff - runner
96dirname - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +020097dmesg - runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +020098dnsd - daemon
Denys Vlasenko74c05f52017-08-04 17:36:16 +020099dnsdomainname - needs ^C (may talk to DNS servers, which may be down)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200100dos2unix - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200101dpkg - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200102du - runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200103dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko65147852017-08-04 19:16:01 +0200104dumpleases - leaks: open+xread
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200105echo - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200106ed - interactive, longterm
107egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
108eject - leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
Denys Vlasenko83d77852017-08-04 17:59:46 +0200109env - noexec. spawner, changes state (env)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200110envdir - noexec. spawner
111envuidgid - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200112expand - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200113expr - leaks: nested allocs
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200114factor - runner (eats stdin if no params)
115fakeidentd - daemon
116false - NOFORK
Denys Vlasenko83d77852017-08-04 17:59:46 +0200117fatattr - leaks: open+xioctl, complex
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200118fbset - leaks: open+xfunc, complex, rare
119fbsplash - runner, longterm
120fdflush - leaks: open+ioctl_or_perror_and_die, needs ^C (floppy may be unresponsive), rare
121fdformat - needs ^C (floppy may be unresponsive), longterm, rare
122fdisk - interactive, longterm
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200123fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200124fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200125find - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200126findfs - suid
127flash_eraseall
128flash_lock
129flash_unlock
130flashcp
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200131flock - spawner, changes state (file locks), let's play safe and not be noexec
Denys Vlasenko39194f02017-08-03 19:00:01 +0200132fold - noexec. runner
133free - nofork candidate(struct globals, needs to close /proc/meminfo fd)
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200134freeramdisk - leaks: open+ioctl_or_perror_and_die
135fsck - interactive, longterm
Denys Vlasenko65147852017-08-04 19:16:01 +0200136fsck.minix - needs ^C
Denys Vlasenko9f598492017-08-05 01:29:12 +0200137fsfreeze - noexec. leaks: open+xioctl
138fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200139fsync - NOFORK
140ftpd - daemon
141ftpget - runner
142ftpput - runner
143fuser - complex
Denys Vlasenko83d77852017-08-04 17:59:46 +0200144getopt - noexec. leaks: many allocs
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200145getty - interactive, longterm
146grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200147groups - noexec
148gunzip - runner
149gzip - runner
150halt - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200151hd - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200152hdparm - complex, rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200153head - noexec. runner
154hexdump - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200155hostid - NOFORK
Denys Vlasenko947b2392017-08-04 18:36:55 +0200156hostname - needs ^C (may talk to DNS servers, which may be down)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200157httpd - daemon
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200158hush - interactive, longterm
Denys Vlasenko83d77852017-08-04 17:59:46 +0200159hwclock - talks to hardware (xioctl(RTC_RD_TIME)) - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200160i2cdetect
161i2cdump
162i2cget
163i2cset
164id - noexec
Denys Vlasenko65147852017-08-04 19:16:01 +0200165ifconfig - leaks: xsocket+ioctl_or_perror_and_die
166ifenslave - leaks: xsocket+bb_perror_msg_and_die
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200167ifplugd - daemon
168inetd - daemon
169init - daemon
170inotifyd - daemon
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200171insmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200172install - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200173ionice - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200174iostat - runner
Denys Vlasenko72d725d2017-08-03 19:30:21 +0200175ip - noexec candidate
176ipaddr - noexec candidate
177ipcalc - noexec candidate
178ipcrm - noexec candidate
179ipcs - noexec candidate
180iplink - noexec candidate
181ipneigh - noexec candidate
182iproute - noexec candidate
183iprule - noexec candidate
184iptunnel - noexec candidate
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200185kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
Denys Vlasenko39194f02017-08-03 19:00:01 +0200186kill - NOFORK
187killall - NOFORK
188killall5 - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200189klogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200190last - runner (I've got 1300 lines of output when tried it)
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200191less - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200192link - NOFORK
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200193linux32 - noexec. spawner
194linux64 - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200195linuxrc - daemon
196ln - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200197loadfont - noexec. leaks: config_open+bb_error_msg_and_die("map format")
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200198loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200199logger - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200200login - suid, interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200201logname - NOFORK
202losetup - complex
203lpd - daemon
204lpq - runner
205lpr - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200206ls - noexec. runner
Denys Vlasenko99125c02017-08-05 20:38:04 +0200207lsattr - noexec. runner
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200208lsmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200209lsof - complex
Denys Vlasenko3239ab82017-08-05 23:28:19 +0200210lspci - noexec. too rare to bother for nofork
211lsscsi - noexec. too rare to bother for nofork
212lsusb - noexec. too rare to bother for nofork
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200213lzcat - runner
214lzma - runner
215lzop - runner
216lzopcat - runner
217makedevs
218makemime - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200219man - spawner, interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200220md5sum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200221mdev - daemon
Denys Vlasenko65147852017-08-04 19:16:01 +0200222mesg - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200223microcom - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200224mkdir - NOFORK
Denys Vlasenko947b2392017-08-04 18:36:55 +0200225mkdosfs - needs ^C
226mke2fs - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200227mkfifo - noexec
Denys Vlasenko947b2392017-08-04 18:36:55 +0200228mkfs.ext2 - needs ^C
229mkfs.minix - needs ^C
230mkfs.vfat - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200231mknod - noexec
Denys Vlasenkofeb79e82017-08-05 02:08:23 +0200232mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko947b2392017-08-04 18:36:55 +0200233mkswap - needs ^C
Denys Vlasenko6bec24c2017-08-04 17:39:05 +0200234mktemp - noexec. leaks: xstrdup+concat_path_file
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200235modinfo - noexec
236modprobe - noexec
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200237more - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200238mount - suid
Denys Vlasenko9f598492017-08-05 01:29:12 +0200239mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200240mpstat - longterm: "mpstat 1" runs indefinitely
Denys Vlasenko947b2392017-08-04 18:36:55 +0200241mt - rare
Denys Vlasenko65147852017-08-04 19:16:01 +0200242mv - noexec candidate, runner
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200243nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200244nbd-client
245nc - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200246netstat - runner with -c
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200247nice - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200248nl - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200249nmeter - longterm
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200250nohup - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200251nproc - NOFORK
252ntpd - daemon
253od - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200254openvt - longterm: spawns a child and waits for it
Denys Vlasenko9c49d6e2017-08-05 01:46:39 +0200255partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200256passwd - suid
Denys Vlasenko39194f02017-08-03 19:00:01 +0200257paste - noexec. runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200258patch - needs ^C
Denys Vlasenko39194f02017-08-03 19:00:01 +0200259pgrep - nofork candidate(xregcomp, procps_scan - are they ok?)
260pidof - nofork candidate(uses find_pid_by_name, is that ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200261ping - suid, runner
262ping6 - suid, runner
Denys Vlasenko65147852017-08-04 19:16:01 +0200263pipe_progress - longterm
Denys Vlasenkofdb92352017-08-05 01:51:12 +0200264pivot_root - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200265pkill - nofork candidate(xregcomp, procps_scan - are they ok?)
Denys Vlasenko947b2392017-08-04 18:36:55 +0200266pmap - noexec candidate, leaks: open+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200267popmaildir - runner
268poweroff - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200269powertop - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200270printenv - NOFORK
271printf - NOFORK
Denys Vlasenko00c18112017-08-05 22:25:00 +0200272ps - looks for AT_CLKTCK elf aux vector, therefore can't be noexec
Denys Vlasenko72d725d2017-08-03 19:30:21 +0200273pscan - longterm
Denys Vlasenko00c18112017-08-05 22:25:00 +0200274pstree - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200275pwd - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200276pwdx - NOFORK
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200277raidautorun - noexec. very simple. leaks: open+xioctl
Denys Vlasenko947b2392017-08-04 18:36:55 +0200278rdate - needs ^C (may talk to DNS servers, which may be down)
279rdev - leaks: find_block_device -> readdir+xstrdup
Denys Vlasenko39194f02017-08-03 19:00:01 +0200280readlink - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200281readprofile
Denys Vlasenko39194f02017-08-03 19:00:01 +0200282realpath - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200283reboot - rare
284reformime - runner
285remove-shell
Denys Vlasenko39194f02017-08-03 19:00:01 +0200286renice - nofork candidate(uses getpwnam, is that ok?)
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200287reset - noexec. spawner (execs "stty")
Denys Vlasenko39194f02017-08-03 19:00:01 +0200288resize - noexec. changes state (signal handlers)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200289rev - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200290rm - noexec. rm -i interactive
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200291rmdir - NOFORK
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200292rmmod - noexec
Denys Vlasenko947b2392017-08-04 18:36:55 +0200293route - needs ^C (may talk to DNS servers, which may be down)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200294rpm - runner
295rpm2cpio - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200296rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200297run-parts - longterm
Denys Vlasenko83d77852017-08-04 17:59:46 +0200298runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200299runsv - daemon
300runsvdir - daemon
301rx - runner
302script
303scriptreplay
304sed - runner
305sendmail - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200306seq - noexec. runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200307setarch - noexec. spawner
Denys Vlasenko5cb907f2017-08-06 18:56:25 +0200308setconsole - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200309setfont - noexec. leaks a lot of stuff
Denys Vlasenkob83db4d2017-08-06 18:29:25 +0200310setkeycodes - noexec
Denys Vlasenko341ce0a2017-08-06 18:17:58 +0200311setlogcons - noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200312setpriv - spawner, changes state, let's play safe and not be noexec
Denys Vlasenko97b738d2017-08-06 18:06:46 +0200313setserial - noexec
Denys Vlasenko22627462017-08-06 17:14:09 +0200314setsid - spawner, uses fork_or_rexec() [not audited to work in noexec], let's play safe and not be noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200315setuidgid - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200316sha1sum - noexec. runner
317sha256sum - noexec. runner
318sha3sum - noexec. runner
319sha512sum - noexec. runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200320showkey - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200321shred - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200322shuf - noexec. runner
Denys Vlasenko22627462017-08-06 17:14:09 +0200323slattach - longterm (may sleep forever), uses bb_common_bufsiz1
Denys Vlasenko947b2392017-08-04 18:36:55 +0200324sleep - runner, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200325smemcap - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200326softlimit - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200327sort - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200328split - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200329ssl_client - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200330start-stop-daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200331stat - nofork candidate(needs fewer allocs)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200332strings - runner
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200333stty - noexec. nofork candidate: has no allocs or opens except xmove_fd(xopen("-F DEVICE"),STDIN). tcsetattr(STDIN) is not a problem: it would work the same across processes sharing this fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200334su - suid, spawner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200335sulogin - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200336sum - runner
Denys Vlasenkoa453ca52017-08-05 01:42:08 +0200337sv - noexec. needs ^C (uses usleep(420000))
338svc - noexec. needs ^C (uses usleep(420000))
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200339svlogd - daemon
340swapoff - rare
341swapon - rare
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200342switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200343sync - NOFORK
Denys Vlasenkocaf26b32017-08-05 18:23:10 +0200344sysctl - noexec. leaks: xstrdup+xmalloc_read
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200345syslogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200346tac - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200347tail - runner
348tar - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200349taskset - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200350tcpsvd - daemon
351tee - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200352telnet - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200353telnetd - daemon
354test - NOFORK
355tftp - runner
356tftpd - daemon
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200357time - spawner, longterm, changes state (signals)
358timeout - spawner, longterm, changes state (signals)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200359top - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200360touch - NOFORK
361tr - runner
362traceroute - suid, runner
363traceroute6 - suid, runner
364true - NOFORK
365truncate - NOFORK
366tty - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200367ttysize - NOFORK
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200368tunctl - noexec
Denys Vlasenko99125c02017-08-05 20:38:04 +0200369tune2fs - noexec. leaks: open+xfunc
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200370ubiattach
371ubidetach
372ubimkvol
373ubirename
374ubirmvol
375ubirsvol
376ubiupdatevol
377udhcpc - daemon
378udhcpd - daemon
379udpsvd - daemon
380uevent - daemon
Denys Vlasenko83a6c8d2017-08-05 23:21:02 +0200381umount - noexec. leaks: nested xmalloc
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200382uname - NOFORK
383uncompress - runner
384unexpand - runner
385uniq - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200386unix2dos - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200387unlink - NOFORK
388unlzma - runner
389unlzop - runner
390unxz - runner
391unzip - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200392uptime - nofork candidate(is getutxent ok?)
393users - nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200394usleep - NOFORK
395uudecode - runner
396uuencode - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200397vconfig - leaks: xsocket+ioctl_or_perror_and_die
398vi - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200399vlock - suid
400volname - runner
Denys Vlasenko65147852017-08-04 19:16:01 +0200401w - nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200402wall - suid
Denys Vlasenko83d77852017-08-04 17:59:46 +0200403watch - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200404watchdog - daemon
405wc - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200406wget - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200407which - NOFORK
Denys Vlasenko65147852017-08-04 19:16:01 +0200408who - nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200409whoami - NOFORK
Denys Vlasenko65147852017-08-04 19:16:01 +0200410whois - needs ^C
Denys Vlasenko39194f02017-08-03 19:00:01 +0200411xargs - noexec. spawner
412xxd - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200413xz - runner
414xzcat - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200415yes - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200416zcat - runner
417zcip - daemon