Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / 3e6be02e2b7bf3320dda2f105bd2ce6c1c3c0671 / . / NOFORK_NOEXEC.lst
blob: 055f9fb24804ce95f9a519fadd60b6591c7428cf [file] [log] [blame]
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]1Why an applet can't be NOFORK or NOEXEC?
2
3Why can't be NOFORK:
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]4interactive: may wait for user input, ^C has to work
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]5spawner: "tool PROG ARGS" which changes program state and execs - must fork
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]6changes state: e.g. environment, signal handlers
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]7leaks: does not free allocated memory or opened fds
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]8 alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
9 open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]10talks to network/serial/etc: it's not known how long the delay can be,
11 it's reasonable to expect it might be many seconds
12 (even if usually it is not), so ^C has to work
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]13runner: sometimes may run for long(ish) time, and/or works with network:
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]14 ^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
15
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]16"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]17need to be inspected that they do not fall into alloc+xfunc, open+xfunc,
18leak categories.
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]19
20Why can't be NOEXEC:
21suid: runs under different uid - must fork+exec
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]22if it's important that /proc/PID/cmdline and comm are correct.
23 ("pkill sh" killing itself before it kills real "sh" is no fun)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]24
25Why shouldn't be NOFORK/NOEXEC:
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]26rare: not started often enough to bother optimizing (example: poweroff)
27daemon: runs indefinitely; these are also always fit "rare" category
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]28longterm: often runs for a long time (many seconds), execing makes
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]29 memory footprint smaller
Denys Vlasenko7f9d62d2017-08-04 16:01:39 +0200[diff] [blame]30complex: no immediately obvious reason why NOFORK wouldn't work,
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]31 but does some non-obvoius operations (example: fuser, lsof, losetup);
32 detailed audit often turns out that it's a leaker
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]33hardware: performs unusual hardware ops which may take long,
34 or even hang due to hardware or firmware bugs
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]35
36Interesting example of "interactive" applet which is nevertheless can be
37(and is) NOEXEC is "rm". Yes, "rm -i" is interactive - but it's not that typical
38for users to keep it waiting for many minutes, whereas running "rm" in shell
39is very typical, and speeding up this common use via NOEXEC is useful.
40IOW: rm is "interactive", but not "longterm".
41
Denys Vlasenko3bc23172017-08-09 19:51:17 +0200[diff] [blame]42Interesting example of an applet which can be NOFORK but if not,
43then should not be NOEXEC, is "usleep". As NOFORK, it amount to simply
44nanosleep()ing in the calling program (usually shell). No memory wasted.
45But if ran as NOEXEC, it would create a potentially long-term process,
46which would be taking more memory because it did not exec
47and did not free much of the copied memory of the parent
48(COW helps with this only as long as parent doesn't modify its memory).
49
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]50
51[ - NOFORK
52[[ - NOFORK
53acpid - daemon
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]54add-shell - noexec. leaks: open+xfunc
55addgroup - noexec. leaks
56adduser - noexec. leaks
Denys Vlasenkoed7d1182017-08-06 20:00:21 +0200[diff] [blame]57adjtimex - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]58ar - runner
59arch - NOFORK
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]60arp - talks to network: arp -n queries DNS
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]61arping - longterm
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]62ash - interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]63awk - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]64base64 - runner
65basename - NOFORK
Denys Vlasenko035e7152017-08-06 20:39:27 +0200[diff] [blame]66beep - longterm: beep -r 999999999
Denys Vlasenko277081e2017-08-06 20:20:47 +0200[diff] [blame]67blkdiscard - noexec. leaks: open+xioctl
Denys Vlasenkobf182392017-08-06 20:16:28 +0200[diff] [blame]68blkid - noexec
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]69blockdev - noexec. leaks fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]70bootchartd - daemon
Denys Vlasenko86e07f62017-08-06 20:14:02 +0200[diff] [blame]71brctl - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]72bunzip2 - runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]73bzcat - runner
74bzip2 - runner
Denys Vlasenkocbdc37c2018-01-14 14:32:11 +0100[diff] [blame]75cal - noexec. can be runner: cal -n9999
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]76cat - runner: cat HUGEFILE
77chat - longterm (when used as intended - talking to modem over stdin/out)
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]78chattr - noexec. runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]79chgrp - noexec. runner
80chmod - noexec. runner
81chown - noexec. runner
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]82chpasswd - longterm? (list of "user:password"s from stdin)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]83chpst - noexec. spawner
84chroot - noexec. spawner
85chrt - noexec. spawner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]86chvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]87cksum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]88clear - NOFORK
89cmp - runner
90comm - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]91conspy - interactive, longterm
Denys Vlasenko88663e42018-01-14 14:41:52 +0100[diff] [blame]92cp - noexec. sometimes runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]93cpio - runner
94crond - daemon
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]95crontab - longterm (runs $EDITOR), leaks: open+xasprintf
Denys Vlasenkofeb79e82017-08-05 02:08:23 +0200[diff] [blame]96cryptpw - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]97cttyhack - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]98cut - noexec. runner
99date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]100dc - longterm (eats stdin if no params)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]101dd - noexec. runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]102deallocvt - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]103delgroup - noexec. leaks
104deluser - noexec. leaks
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]105depmod - longterm(ish)
Denys Vlasenkofc9efcb2017-08-07 22:19:17 +0200[diff] [blame]106devmem - hardware (access to device memory may hang)
107df - noexec. leaks: nested allocs
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]108dhcprelay - daemon
109diff - runner
110dirname - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]111dmesg - runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]112dnsd - daemon
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]113dnsdomainname - noexec. talks to network (may query DNS)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]114dos2unix - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]115dpkg - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]116du - runner
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]117dumpkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]118dumpleases - noexec. leaks: open+xread
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]119echo - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]120ed - interactive, longterm
121egrep - longterm runner ("CMD | egrep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenkoaf5d0082017-08-07 23:23:18 +0200[diff] [blame]122eject - hardware, leaks: open+ioctl_or_perror_and_die, changes state (moves fds)
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]123env - noexec. spawner, changes state (env)
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]124envdir - noexec. spawner
125envuidgid - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]126expand - runner
Denys Vlasenkoaf5d0082017-08-07 23:23:18 +0200[diff] [blame]127expr - noexec. leaks: nested allocs
Denys Vlasenkodbbc3f22017-08-07 23:30:22 +0200[diff] [blame]128factor - longterm (eats stdin if no params)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]129fakeidentd - daemon
130false - NOFORK
Denys Vlasenko354b1042017-08-07 22:21:54 +0200[diff] [blame]131fatattr - noexec. leaks: open+xioctl, complex
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]132fbset - hardware, leaks: open+xfunc
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]133fbsplash - runner, longterm
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]134fdflush - hardware, leaks: open+ioctl_or_perror_and_die
Denys Vlasenko8858a982017-08-08 01:21:49 +0200[diff] [blame]135fdformat - hardware, longterm
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]136fdisk - interactive, longterm
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]137fgconsole - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]138fgrep - longterm runner ("CMD | fgrep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]139find - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]140findfs - suid
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]141flash_eraseall - hardware
142flash_lock - hardware
143flash_unlock - hardware
144flashcp - hardware
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]145flock - spawner, changes state (file locks), let's play safe and not be noexec
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]146fold - noexec. runner
Denys Vlasenko318c8112017-10-05 14:06:49 +0200[diff] [blame]147free - NOFORK
Denys Vlasenkoec98e3a2017-08-07 23:17:14 +0200[diff] [blame]148freeramdisk - noexec. leaks: open+ioctl_or_perror_and_die
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]149fsck - interactive, longterm
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]150fsck.minix - needs ^C
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]151fsfreeze - noexec. leaks: open+xioctl
152fstrim - noexec. leaks: open+xioctl, find_block_device -> readdir+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]153fsync - NOFORK
154ftpd - daemon
155ftpget - runner
156ftpput - runner
157fuser - complex
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]158getopt - noexec. leaks: many allocs
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]159getty - interactive, longterm
160grep - longterm runner ("CMD | grep ..." may run indefinitely, better to exec to conserve memory)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]161groups - noexec
162gunzip - runner
163gzip - runner
164halt - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]165hd - noexec. runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]166hdparm - hardware
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]167head - noexec. runner
168hexdump - noexec. runner
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]169hexedit - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]170hostid - NOFORK
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]171hostname - noexec. talks to network (hostname -d may query DNS)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]172httpd - daemon
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]173hush - interactive, longterm
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]174hwclock - hardware (xioctl(RTC_RD_TIME))
175i2cdetect - hardware
176i2cdump - hardware
177i2cget - hardware
178i2cset - hardware
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]179id - noexec
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]180ifconfig - hardware? (mem_start NN io_addr NN irq NN), leaks: xsocket+ioctl_or_perror_and_die
181ifenslave - noexec. leaks: xsocket+bb_perror_msg_and_die
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]182ifplugd - daemon
183inetd - daemon
184init - daemon
185inotifyd - daemon
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]186insmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]187install - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]188ionice - noexec. spawner
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]189iostat - longterm: "iostat 1" runs indefinitely
Denys Vlasenkob63afea2017-09-18 15:45:13 +0200[diff] [blame]190ip - noexec
191ipaddr - noexec
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]192ipcalc - noexec. ipcalc -h talks to network
Denys Vlasenko3bc23172017-08-09 19:51:17 +0200[diff] [blame]193ipcrm - noexec
194ipcs - noexec
Denys Vlasenkob63afea2017-09-18 15:45:13 +0200[diff] [blame]195iplink - noexec
196ipneigh - noexec
197iproute - noexec
198iprule - noexec
199iptunnel - noexec
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200[diff] [blame]200kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]201kill - NOFORK
202killall - NOFORK
203killall5 - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]204klogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]205last - runner (I've got 1300 lines of output when tried it)
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]206less - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]207link - NOFORK
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]208linux32 - noexec. spawner
209linux64 - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]210linuxrc - daemon
211ln - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200[diff] [blame]212loadfont - noexec. leaks: config_open+bb_error_msg_and_die("map format")
Denys Vlasenkoff53bee2017-08-05 02:02:31 +0200[diff] [blame]213loadkmap - noexec. leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]214logger - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]215login - suid, interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]216logname - NOFORK
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]217losetup - noexec. complex
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]218lpd - daemon
219lpq - runner
220lpr - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]221ls - noexec. runner
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]222lsattr - noexec. runner
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]223lsmod - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]224lsof - complex
Denys Vlasenko3239ab82017-08-05 23:28:19 +0200[diff] [blame]225lspci - noexec. too rare to bother for nofork
226lsscsi - noexec. too rare to bother for nofork
227lsusb - noexec. too rare to bother for nofork
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]228lzcat - runner
229lzma - runner
230lzop - runner
231lzopcat - runner
Denys Vlasenko9536ef72017-08-06 21:47:07 +0200[diff] [blame]232makedevs - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]233makemime - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]234man - spawner, interactive, longterm
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]235md5sum - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]236mdev - daemon
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]237mesg - NOFORK
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]238microcom - interactive, longterm
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]239minips - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]240mkdir - NOFORK
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]241mkdosfs - needs ^C
242mke2fs - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]243mkfifo - noexec
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]244mkfs.ext2 - needs ^C
245mkfs.minix - needs ^C
246mkfs.vfat - needs ^C
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]247mknod - noexec
Denys Vlasenkofeb79e82017-08-05 02:08:23 +0200[diff] [blame]248mkpasswd - noexec. changes state: with --password-fd=N, moves N to stdin
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]249mkswap - needs ^C
Denys Vlasenko6bec24c2017-08-04 17:39:05 +0200[diff] [blame]250mktemp - noexec. leaks: xstrdup+concat_path_file
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]251modinfo - noexec
252modprobe - noexec
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]253more - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]254mount - suid
Denys Vlasenko9f598492017-08-05 01:29:12 +0200[diff] [blame]255mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200[diff] [blame]256mpstat - longterm: "mpstat 1" runs indefinitely
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]257mt - hardware
Denys Vlasenko88663e42018-01-14 14:41:52 +0100[diff] [blame]258mv - noexec. sometimes runner
Denys Vlasenkoa759b222017-08-06 14:15:24 +0200[diff] [blame]259nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die
Denys Vlasenkobfc66d42017-08-06 21:53:39 +0200[diff] [blame]260nbd-client - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]261nc - runner
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]262netstat - longterm with -c (continuous listing)
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]263nice - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]264nl - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]265nmeter - longterm
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]266nohup - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]267nproc - NOFORK
268ntpd - daemon
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]269nuke - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]270od - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]271openvt - longterm: spawns a child and waits for it
Denys Vlasenko9c49d6e2017-08-05 01:46:39 +0200[diff] [blame]272partprobe - noexec. leaks: open+ioctl_or_perror_and_die(BLKRRPART)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]273passwd - suid
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]274paste - noexec. runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]275patch - needs ^C
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]276pgrep - must fork+exec to get correct /proc/PID/cmdline and comm field
277pidof - must fork+exec to get correct /proc/PID/cmdline and comm field
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]278ping - suid, longterm
279ping6 - suid, longterm
Denys Vlasenko65147852017-08-04 19:16:01 +0200[diff] [blame]280pipe_progress - longterm
Denys Vlasenkofdb92352017-08-05 01:51:12 +0200[diff] [blame]281pivot_root - NOFORK
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]282pkill - must fork+exec to get correct /proc/PID/cmdline and comm field
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]283pmap - noexec candidate, leaks: open+xstrdup
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]284popmaildir - runner
285poweroff - rare
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]286powertop - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]287printenv - NOFORK
288printf - NOFORK
Denys Vlasenko9a6f62f2017-08-10 14:15:52 +0200[diff] [blame]289ps - noexec
290pscan - talks to network
Denys Vlasenko00c18112017-08-05 22:25:00 +0200[diff] [blame]291pstree - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]292pwd - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]293pwdx - NOFORK
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200[diff] [blame]294raidautorun - noexec. very simple. leaks: open+xioctl
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]295rdate - talks to network
296rdev - noexec. leaks: find_block_device -> readdir+xstrdup
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]297readlink - NOFORK
Denys Vlasenko9536ef72017-08-06 21:47:07 +0200[diff] [blame]298readprofile - reads /boot/System.map and /proc/profile, better to free more memory by execing?
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]299realpath - NOFORK
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]300reboot - rare
301reformime - runner
Denys Vlasenko7b8372b2017-08-07 00:28:15 +0200[diff] [blame]302remove-shell - noexec. leaks: open+xfunc
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]303renice - noexec. nofork candidate(uses getpwnam, is that ok?)
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]304reset - noexec. spawner (execs "stty")
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]305resize - noexec. changes state (signal handlers)
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]306resume - noexec
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]307rev - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]308rm - noexec. rm -i interactive
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]309rmdir - NOFORK
Denys Vlasenko3346b4a2017-08-04 02:56:39 +0200[diff] [blame]310rmmod - noexec
Denys Vlasenko90ad4ba2017-08-08 00:42:15 +0200[diff] [blame]311route - talks to network (may query DNS to convert IPs to names)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]312rpm - runner
313rpm2cpio - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]314rtcwake - longterm: puts system to sleep, optimizing this for speed is pointless
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]315run-init - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
Denys Vlasenkoa894a4b2017-08-06 19:08:46 +0200[diff] [blame]316run-parts - longterm
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]317runlevel - noexec. can be nofork if "endutxent()" is called unconditionally, but too rare to bother?
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]318runsv - daemon
319runsvdir - daemon
320rx - runner
Denys Vlasenkodd55d5d2017-08-07 01:53:17 +0200[diff] [blame]321script - longterm: pumps script output from slave pty
322scriptreplay - longterm: plays back "script" saved output, sleeping as necessary.
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]323sed - runner
324sendmail - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]325seq - noexec. runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]326setarch - noexec. spawner
Denys Vlasenko5cb907f2017-08-06 18:56:25 +0200[diff] [blame]327setconsole - noexec
Denys Vlasenkoc3e60e12017-09-18 14:34:15 +0200[diff] [blame]328setfattr - noexec
Denys Vlasenko1b280e42017-08-06 19:05:45 +0200[diff] [blame]329setfont - noexec. leaks a lot of stuff
Denys Vlasenkob83db4d2017-08-06 18:29:25 +0200[diff] [blame]330setkeycodes - noexec
Denys Vlasenko341ce0a2017-08-06 18:17:58 +0200[diff] [blame]331setlogcons - noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]332setpriv - spawner, changes state, let's play safe and not be noexec
Denys Vlasenko97b738d2017-08-06 18:06:46 +0200[diff] [blame]333setserial - noexec
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]334setsid - spawner, uses fork_or_rexec() [not audited to work in noexec], let's play safe and not be noexec
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]335setuidgid - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]336sha1sum - noexec. runner
337sha256sum - noexec. runner
338sha3sum - noexec. runner
339sha512sum - noexec. runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]340showkey - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]341shred - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]342shuf - noexec. runner
Denys Vlasenko22627462017-08-06 17:14:09 +0200[diff] [blame]343slattach - longterm (may sleep forever), uses bb_common_bufsiz1
Denys Vlasenko3bc23172017-08-09 19:51:17 +0200[diff] [blame]344sleep - longterm. Could be nofork, if not the problem of "killall sleep" not killing it.
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]345smemcap - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]346softlimit - noexec. spawner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]347sort - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]348split - runner
Denys Vlasenko947b2392017-08-04 18:36:55 +0200[diff] [blame]349ssl_client - longterm
Denys Vlasenko184c7382017-08-06 20:55:56 +0200[diff] [blame]350start-stop-daemon - not noexec: uses bb_common_bufsiz1
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]351stat - noexec. nofork candidate(needs fewer allocs)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]352strings - runner
Denys Vlasenko692eeb82017-08-04 20:07:19 +0200[diff] [blame]353stty - noexec. nofork candidate: has no allocs or opens except xmove_fd(xopen("-F DEVICE"),STDIN). tcsetattr(STDIN) is not a problem: it would work the same across processes sharing this fd
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]354su - suid, spawner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]355sulogin - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]356sum - runner
Denys Vlasenkoa453ca52017-08-05 01:42:08 +0200[diff] [blame]357sv - noexec. needs ^C (uses usleep(420000))
358svc - noexec. needs ^C (uses usleep(420000))
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]359svlogd - daemon
Denys Vlasenko248a67f2017-08-07 18:18:09 +0200[diff] [blame]360swapoff - longterm: may cause memory pressure, execing is beneficial
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]361swapon - rare
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]362switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]363sync - NOFORK
Denys Vlasenkocaf26b32017-08-05 18:23:10 +0200[diff] [blame]364sysctl - noexec. leaks: xstrdup+xmalloc_read
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]365syslogd - daemon
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]366tac - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]367tail - runner
368tar - runner
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]369taskset - noexec. spawner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]370tcpsvd - daemon
371tee - runner
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]372telnet - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]373telnetd - daemon
374test - NOFORK
375tftp - runner
376tftpd - daemon
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]377time - spawner, longterm, changes state (signals)
378timeout - spawner, longterm, changes state (signals)
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]379top - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]380touch - NOFORK
381tr - runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]382traceroute - suid, longterm
383traceroute6 - suid, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]384true - NOFORK
385truncate - NOFORK
386tty - NOFORK
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]387ttysize - NOFORK
Denys Vlasenko9a58cc02017-08-06 12:28:00 +0200[diff] [blame]388tunctl - noexec
Denys Vlasenko99125c02017-08-05 20:38:04 +0200[diff] [blame]389tune2fs - noexec. leaks: open+xfunc
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]390ubiattach - hardware
391ubidetach - hardware
392ubimkvol - hardware
393ubirename - hardware
394ubirmvol - hardware
395ubirsvol - hardware
396ubiupdatevol - hardware
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]397udhcpc - daemon
398udhcpd - daemon
399udpsvd - daemon
400uevent - daemon
Denys Vlasenko83a6c8d2017-08-05 23:21:02 +0200[diff] [blame]401umount - noexec. leaks: nested xmalloc
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]402uname - NOFORK
403uncompress - runner
404unexpand - runner
405uniq - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]406unix2dos - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]407unlink - NOFORK
408unlzma - runner
409unlzop - runner
410unxz - runner
411unzip - runner
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]412uptime - noexec. nofork candidate(is getutxent ok?)
413users - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko3bc23172017-08-09 19:51:17 +0200[diff] [blame]414usleep - NOFORK. But what about "killall usleep"?
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]415uudecode - runner
416uuencode - runner
Denys Vlasenkoa4d4ab02017-08-09 18:52:19 +0200[diff] [blame]417vconfig - noexec. leaks: xsocket+ioctl_or_perror_and_die
Denys Vlasenko74c05f52017-08-04 17:36:16 +0200[diff] [blame]418vi - interactive, longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]419vlock - suid
Denys Vlasenkoae844182017-08-07 23:14:49 +0200[diff] [blame]420volname - hardware (reads CDROM, this can take long-ish if need to spin up)
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]421w - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]422wall - suid
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]423watch - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]424watchdog - daemon
425wc - runner
Denys Vlasenko83d77852017-08-04 17:59:46 +0200[diff] [blame]426wget - longterm
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]427which - NOFORK
Denys Vlasenko1a1203f2017-08-07 16:47:34 +0200[diff] [blame]428who - noexec. nofork candidate(is getutxent ok?)
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]429whoami - NOFORK
Denys Vlasenko8858a982017-08-08 01:21:49 +0200[diff] [blame]430whois - talks to network
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]431xargs - noexec. spawner
432xxd - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]433xz - runner
434xzcat - runner
Denys Vlasenko39194f02017-08-03 19:00:01 +0200[diff] [blame]435yes - noexec. runner
Denys Vlasenko819b47a2017-08-03 03:29:32 +0200[diff] [blame]436zcat - runner
437zcip - daemon