Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / 890bd5de5114cff73928f9bd405ed7fb6e579015 / . / NOFORK_NOEXEC.lst
blob: 063d7cd48359407cd8fd685dfee3a9ee6ea0ae84 [file] [log] [blame]
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]1Why an applet can't be NOFORK or NOEXEC?
2
3Why can't be NOFORK:
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]4interactive: may wait for user input, ^C has to work
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]5spawner: "tool PROG ARGS" which changes program state and execs - must fork
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]6changes state: e.g. environment, signal handlers
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]7leaks: does not free allocated memory or opened fds
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]8 alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
9 open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]10talks to network/serial/etc: it's not known how long the delay can be,
11 it's reasonable to expect it might be many seconds
12 (even if usually it is not), so ^C has to work
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]13runner: sometimes may run for long(ish) time, and/or works with network:
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]14 ^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
15
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]16"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]17need to be inspected that they do not fall into alloc+xfunc, open+xfunc,
18leak categories.
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]19
20Why can't be NOEXEC:
21suid: runs under different uid - must fork+exec
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]22if it's important that /proc/PID/cmdline and comm are correct.
23 ("pkill sh" killing itself before it kills real "sh" is no fun)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]24
25Why shouldn't be NOFORK/NOEXEC:
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]26rare: not started often enough to bother optimizing (example: poweroff)
27daemon: runs indefinitely; these are also always fit "rare" category
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]28longterm: often runs for a long time (many seconds), execing makes
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]29 memory footprint smaller
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]30complex: no immediately obvious reason why NOFORK wouldn't work,
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]31 but does some non-obvoius operations (example: fuser, lsof, losetup);
32 detailed audit often turns out that it's a leaker
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]33hardware: performs unusual hardware ops which may take long,
34 or even hang due to hardware or firmware bugs
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]35
36Interesting example of "interactive" applet which is nevertheless can be
37(and is) NOEXEC is "rm". Yes, "rm -i" is interactive - but it's not that typical
38for users to keep it waiting for many minutes, whereas running "rm" in shell
39is very typical, and speeding up this common use via NOEXEC is useful.
40IOW: rm is "interactive", but not "longterm".
41
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]42
43[ - NOFORK
44[[ - NOFORK
45acpid - daemon
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]46add-shell - noexec. leaks: open+xfunc
47addgroup - noexec. leaks
48adduser - noexec. leaks
Denys Vlasenkoed7d1182017-08-06 20:00:21 +0200[diff] [blame]49adjtimex - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]50ar - runner
51arch - NOFORK
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]52arp - talks to network: arp -n queries DNS
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]53arping - longterm
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]54ash - interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]55awk - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]56base64 - runner
57basename - NOFORK
Denys Vlasenko035e7152017-08-06 20:39:27 +0200[diff] [blame]58beep - longterm: beep -r 999999999
Denys Vlasenko277081e2017-08-06 20:20:47 +0200[diff] [blame]59blkdiscard - noexec. leaks: open+xioctl
Denys Vlasenkobf182392017-08-06 20:16:28 +0200[diff] [blame]60blkid - noexec
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]61blockdev - noexec. leaks fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]62bootchartd - daemon
Denys Vlasenko86e07f62017-08-06 20:14:02 +0200[diff] [blame]63brctl - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]64bunzip2 - runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]65bzcat - runner
66bzip2 - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]67cal - runner: cal -n9999
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]68cat - runner: cat HUGEFILE
69chat - longterm (when used as intended - talking to modem over stdin/out)
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]70chattr - noexec. runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]71chgrp - noexec. runner
72chmod - noexec. runner
73chown - noexec. runner
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]74chpasswd - longterm? (list of "user:password"s from stdin)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]75chpst - noexec. spawner
76chroot - noexec. spawner
77chrt - noexec. spawner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]78chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]79cksum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]80clear - NOFORK
81cmp - runner
82comm - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]83conspy - interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]84cp - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]85cpio - runner
86crond - daemon
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]87crontab - longterm (runs $EDITOR), leaks: open+xasprintf
Denys Vlasenkofeb79e82017-08-05 02:08:23 +0200[diff] [blame]88cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]89cttyhack - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]90cut - noexec. runner
91date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]92dc - longterm (eats stdin if no params)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]93dd - noexec. runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]94deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]95delgroup - noexec. leaks
96deluser - noexec. leaks
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]97depmod - longterm(ish)
Denys Vlasenkofc9efcb2017-08-07 22:19:17 +0200[diff] [blame]98devmem - hardware (access to device memory may hang)
99df - noexec. leaks: nested allocs
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]100dhcprelay - daemon
101diff - runner
102dirname - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]103dmesg - runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]104dnsd - daemon
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]105dnsdomainname - noexec. talks to network (may query DNS)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]106dos2unix - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]107dpkg - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]108du - runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]109dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]110dumpleases - noexec. leaks: open+xread
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]111echo - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]112ed - interactive, longterm
113egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenkoaf5d0082017-08-07 23:23:18 +0200[diff] [blame]114eject - hardware, leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]115env - noexec. spawner, changes state (env)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]116envdir - noexec. spawner
117envuidgid - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]118expand - runner
Denys Vlasenkoaf5d0082017-08-07 23:23:18 +0200[diff] [blame]119expr - noexec. leaks: nested allocs
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]120factor - longterm (eats stdin if no params)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]121fakeidentd - daemon
122false - NOFORK
Denys Vlasenko354b1042017-08-07 22:21:54 +0200[diff] [blame]123fatattr - noexec. leaks: open+xioctl, complex
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]124fbset - hardware, leaks: open+xfunc
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]125fbsplash - runner, longterm
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]126fdflush - hardware, leaks: open+ioctl_or_perror_and_die
Denys Vlasenko8858a982017-08-08 01:21:49 +0200[diff] [blame]127fdformat - hardware, longterm
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]128fdisk - interactive, longterm
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]129fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]130fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]131find - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]132findfs - suid
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]133flash_eraseall - hardware
134flash_lock - hardware
135flash_unlock - hardware
136flashcp - hardware
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]137flock - spawner, changes state (file locks), let's play safe and not be noexec
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]138fold - noexec. runner
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]139free - noexec. nofork candidate(struct globals, needs to close /proc/meminfo fd)
Denys Vlasenkoec98e3a2017-08-07 23:17:14 +0200[diff] [blame]140freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]141fsck - interactive, longterm
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]142fsck.minix - needs ^C
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]143fsfreeze - noexec. leaks: open+xioctl
144fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]145fsync - NOFORK
146ftpd - daemon
147ftpget - runner
148ftpput - runner
149fuser - complex
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]150getopt - noexec. leaks: many allocs
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]151getty - interactive, longterm
152grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]153groups - noexec
154gunzip - runner
155gzip - runner
156halt - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]157hd - noexec. runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]158hdparm - hardware
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]159head - noexec. runner
160hexdump - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]161hostid - NOFORK
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]162hostname - noexec. talks to network (hostname -d may query DNS)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]163httpd - daemon
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]164hush - interactive, longterm
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]165hwclock - hardware (xioctl(RTC_RD_TIME))
166i2cdetect - hardware
167i2cdump - hardware
168i2cget - hardware
169i2cset - hardware
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]170id - noexec
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]171ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die
172ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]173ifplugd - daemon
174inetd - daemon
175init - daemon
176inotifyd - daemon
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]177insmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]178install - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]179ionice - noexec. spawner
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]180iostat - longterm: "iostat 1" runs indefinitely
Denys Vlasenko72d725d2017-08-03 19:30:21 +0200[diff] [blame]181ip - noexec candidate
182ipaddr - noexec candidate
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]183ipcalc - noexec. ipcalc -h talks to network
Denys Vlasenko72d725d2017-08-03 19:30:21 +0200[diff] [blame]184ipcrm - noexec candidate
185ipcs - noexec candidate
186iplink - noexec candidate
187ipneigh - noexec candidate
188iproute - noexec candidate
189iprule - noexec candidate
190iptunnel - noexec candidate
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200[diff] [blame]191kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]192kill - NOFORK
193killall - NOFORK
194killall5 - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]195klogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]196last - runner (I've got 1300 lines of output when tried it)
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]197less - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]198link - NOFORK
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]199linux32 - noexec. spawner
200linux64 - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]201linuxrc - daemon
202ln - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200[diff] [blame]203loadfont - noexec. leaks: config_open+bb_error_msg_and_die("map format")
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]204loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]205logger - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]206login - suid, interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]207logname - NOFORK
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]208losetup - noexec. complex
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]209lpd - daemon
210lpq - runner
211lpr - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]212ls - noexec. runner
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]213lsattr - noexec. runner
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]214lsmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]215lsof - complex
Denys Vlasenko3239ab82017-08-05 23:28:19 +0200[diff] [blame]216lspci - noexec. too rare to bother for nofork
217lsscsi - noexec. too rare to bother for nofork
218lsusb - noexec. too rare to bother for nofork
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]219lzcat - runner
220lzma - runner
221lzop - runner
222lzopcat - runner
Denys Vlasenko9536ef72017-08-06 21:47:07 +0200[diff] [blame]223makedevs - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]224makemime - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]225man - spawner, interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]226md5sum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]227mdev - daemon
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]228mesg - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]229microcom - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]230mkdir - NOFORK
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]231mkdosfs - needs ^C
232mke2fs - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]233mkfifo - noexec
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]234mkfs.ext2 - needs ^C
235mkfs.minix - needs ^C
236mkfs.vfat - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]237mknod - noexec
Denys Vlasenkofeb79e82017-08-05 02:08:23 +0200[diff] [blame]238mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]239mkswap - needs ^C
Denys Vlasenko6bec24c2017-08-04 17:39:05 +0200[diff] [blame]240mktemp - noexec. leaks: xstrdup+concat_path_file
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]241modinfo - noexec
242modprobe - noexec
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]243more - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]244mount - suid
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]245mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200[diff] [blame]246mpstat - longterm: "mpstat 1" runs indefinitely
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]247mt - hardware
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]248mv - noexec candidate, runner
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200[diff] [blame]249nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
Denys Vlasenkobfc66d42017-08-06 21:53:39 +0200[diff] [blame]250nbd-client - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]251nc - runner
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]252netstat - longterm with -c (continuous listing)
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]253nice - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]254nl - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]255nmeter - longterm
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]256nohup - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]257nproc - NOFORK
258ntpd - daemon
259od - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]260openvt - longterm: spawns a child and waits for it
Denys Vlasenko9c49d6e2017-08-05 01:46:39 +0200[diff] [blame]261partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]262passwd - suid
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]263paste - noexec. runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]264patch - needs ^C
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]265pgrep - must fork+exec to get correct /proc/PID/cmdline and comm field
266pidof - must fork+exec to get correct /proc/PID/cmdline and comm field
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]267ping - suid, longterm
268ping6 - suid, longterm
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]269pipe_progress - longterm
Denys Vlasenkofdb92352017-08-05 01:51:12 +0200[diff] [blame]270pivot_root - NOFORK
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]271pkill - must fork+exec to get correct /proc/PID/cmdline and comm field
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]272pmap - noexec candidate, leaks: open+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]273popmaildir - runner
274poweroff - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]275powertop - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]276printenv - NOFORK
277printf - NOFORK
Denys Vlasenko00c18112017-08-05 22:25:00 +0200[diff] [blame]278ps - looks for AT_CLKTCK elf aux vector, therefore can't be noexec
Denys Vlasenko72d725d2017-08-03 19:30:21 +0200[diff] [blame]279pscan - longterm
Denys Vlasenko00c18112017-08-05 22:25:00 +0200[diff] [blame]280pstree - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]281pwd - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]282pwdx - NOFORK
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200[diff] [blame]283raidautorun - noexec. very simple. leaks: open+xioctl
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]284rdate - talks to network
285rdev - noexec. leaks: find_block_device -> readdir+xstrdup
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]286readlink - NOFORK
Denys Vlasenko9536ef72017-08-06 21:47:07 +0200[diff] [blame]287readprofile - reads /boot/System.map and /proc/profile, better to free more memory by execing?
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]288realpath - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]289reboot - rare
290reformime - runner
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]291remove-shell - noexec. leaks: open+xfunc
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]292renice - noexec. nofork candidate(uses getpwnam, is that ok?)
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]293reset - noexec. spawner (execs "stty")
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]294resize - noexec. changes state (signal handlers)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]295rev - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]296rm - noexec. rm -i interactive
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]297rmdir - NOFORK
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]298rmmod - noexec
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]299route - talks to network (may query DNS to convert IPs to names)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]300rpm - runner
301rpm2cpio - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]302rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200[diff] [blame]303run-parts - longterm
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]304runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]305runsv - daemon
306runsvdir - daemon
307rx - runner
Denys Vlasenkodd55d5d2017-08-07 01:53:17 +0200[diff] [blame]308script - longterm: pumps script output from slave pty
309scriptreplay - longterm: plays back "script" saved output, sleeping as necessary.
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]310sed - runner
311sendmail - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]312seq - noexec. runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]313setarch - noexec. spawner
Denys Vlasenko5cb907f2017-08-06 18:56:25 +0200[diff] [blame]314setconsole - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200[diff] [blame]315setfont - noexec. leaks a lot of stuff
Denys Vlasenkob83db4d2017-08-06 18:29:25 +0200[diff] [blame]316setkeycodes - noexec
Denys Vlasenko341ce0a2017-08-06 18:17:58 +0200[diff] [blame]317setlogcons - noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]318setpriv - spawner, changes state, let's play safe and not be noexec
Denys Vlasenko97b738d2017-08-06 18:06:46 +0200[diff] [blame]319setserial - noexec
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]320setsid - spawner, uses fork_or_rexec() [not audited to work in noexec], let's play safe and not be noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]321setuidgid - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]322sha1sum - noexec. runner
323sha256sum - noexec. runner
324sha3sum - noexec. runner
325sha512sum - noexec. runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]326showkey - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]327shred - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]328shuf - noexec. runner
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]329slattach - longterm (may sleep forever), uses bb_common_bufsiz1
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]330sleep - runner, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]331smemcap - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]332softlimit - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]333sort - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]334split - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]335ssl_client - longterm
Denys Vlasenko184c7382017-08-06 20:55:56 +0200[diff] [blame]336start-stop-daemon - not noexec: uses bb_common_bufsiz1
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]337stat - noexec. nofork candidate(needs fewer allocs)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]338strings - runner
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]339stty - noexec. nofork candidate: has no allocs or opens except xmove_fd(xopen("-F DEVICE"),STDIN). tcsetattr(STDIN) is not a problem: it would work the same across processes sharing this fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]340su - suid, spawner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]341sulogin - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]342sum - runner
Denys Vlasenkoa453ca52017-08-05 01:42:08 +0200[diff] [blame]343sv - noexec. needs ^C (uses usleep(420000))
344svc - noexec. needs ^C (uses usleep(420000))
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]345svlogd - daemon
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]346swapoff - longterm: may cause memory pressure, execing is beneficial
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]347swapon - rare
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]348switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]349sync - NOFORK
Denys Vlasenkocaf26b32017-08-05 18:23:10 +0200[diff] [blame]350sysctl - noexec. leaks: xstrdup+xmalloc_read
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]351syslogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]352tac - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]353tail - runner
354tar - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]355taskset - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]356tcpsvd - daemon
357tee - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]358telnet - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]359telnetd - daemon
360test - NOFORK
361tftp - runner
362tftpd - daemon
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]363time - spawner, longterm, changes state (signals)
364timeout - spawner, longterm, changes state (signals)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]365top - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]366touch - NOFORK
367tr - runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]368traceroute - suid, longterm
369traceroute6 - suid, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]370true - NOFORK
371truncate - NOFORK
372tty - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]373ttysize - NOFORK
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200[diff] [blame]374tunctl - noexec
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]375tune2fs - noexec. leaks: open+xfunc
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]376ubiattach - hardware
377ubidetach - hardware
378ubimkvol - hardware
379ubirename - hardware
380ubirmvol - hardware
381ubirsvol - hardware
382ubiupdatevol - hardware
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]383udhcpc - daemon
384udhcpd - daemon
385udpsvd - daemon
386uevent - daemon
Denys Vlasenko83a6c8d2017-08-05 23:21:02 +0200[diff] [blame]387umount - noexec. leaks: nested xmalloc
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]388uname - NOFORK
389uncompress - runner
390unexpand - runner
391uniq - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]392unix2dos - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]393unlink - NOFORK
394unlzma - runner
395unlzop - runner
396unxz - runner
397unzip - runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]398uptime - noexec. nofork candidate(is getutxent ok?)
399users - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]400usleep - NOFORK
401uudecode - runner
402uuencode - runner
Denys Vlasenkoa4d4ab02017-08-09 18:52:19 +0200[diff] [blame]403vconfig - noexec. leaks: xsocket+ioctl_or_perror_and_die
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]404vi - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]405vlock - suid
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]406volname - hardware (reads CDROM, this can take long-ish if need to spin up)
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]407w - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]408wall - suid
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]409watch - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]410watchdog - daemon
411wc - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]412wget - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]413which - NOFORK
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]414who - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]415whoami - NOFORK
Denys Vlasenko8858a982017-08-08 01:21:49 +0200[diff] [blame]416whois - talks to network
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]417xargs - noexec. spawner
418xxd - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]419xz - runner
420xzcat - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]421yes - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]422zcat - runner
423zcip - daemon