пре 6 година · 3346b4afc5
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -156,7 +156,7 @@ ifplugd - daemon
 
				 inetd - daemon
			
 
				 init - daemon
			
 
				 inotifyd - daemon
			
 
				-insmod
			
 
				+insmod - noexec
			
 
				 install - runner
			
 
				 ionice - spawner
			
 
				 iostat - runner
			
@@ -193,7 +193,7 @@ lpq - runner
 
				 lpr - runner
			
 
				 ls - noexec. runner
			
 
				 lsattr
			
 
				-lsmod
			
 
				+lsmod - noexec
			
 
				 lsof - complex
			
 
				 lspci
			
 
				 lsscsi
			
@@ -220,8 +220,8 @@ mknod - noexec
 
				 mkpasswd
			
 
				 mkswap
			
 
				 mktemp
			
 
				-modinfo
			
 
				-modprobe
			
 
				+modinfo - noexec
			
 
				+modprobe - noexec
			
 
				 more - interactive
			
 
				 mount - suid
			
 
				 mountpoint
			
@@ -277,7 +277,7 @@ resize - noexec. changes state (signal handlers)
 
				 rev - runner
			
 
				 rm - noexec. rm -i interactive
			
 
				 rmdir - NOFORK
			
 
				-rmmod
			
 
				+rmmod - noexec
			
 
				 route
			
 
				 rpm - runner
			
 
				 rpm2cpio - runner
			
--- a/modutils/insmod.c
+++ b/modutils/insmod.c
@@ -13,7 +13,7 @@
 
				 //config:	help
			
 
				 //config:	insmod is used to load specified modules in the running kernel.
			
 
				 
			
 
				-//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET(insmod, BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				+//applet:IF_INSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(insmod, insmod, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
			
 
				 
			
 
				 //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
			
 
				 //kbuild:lib-$(CONFIG_INSMOD) += insmod.o modutils.o
			
--- a/modutils/lsmod.c
+++ b/modutils/lsmod.c
@@ -23,7 +23,7 @@
 
				 //config:	the format of module-init-tools for Linux kernel 2.6.
			
 
				 //config:	Increases size somewhat.
			
 
				 
			
 
				-//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET(lsmod, BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				+//applet:IF_LSMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(lsmod, lsmod, BB_DIR_SBIN, BB_SUID_DROP, lsmod)))
			
 
				 
			
 
				 //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
			
 
				 //kbuild:lib-$(CONFIG_LSMOD) += lsmod.o modutils.o
			
--- a/modutils/modinfo.c
+++ b/modutils/modinfo.c
@@ -12,7 +12,7 @@
 
				 //config:	help
			
 
				 //config:	Show information about a Linux Kernel module
			
 
				 
			
 
				-//applet:IF_MODINFO(APPLET(modinfo, BB_DIR_SBIN, BB_SUID_DROP))
			
 
				+//applet:IF_MODINFO(APPLET_NOEXEC(modinfo, modinfo, BB_DIR_SBIN, BB_SUID_DROP, modinfo))
			
 
				 
			
 
				 //kbuild:lib-$(CONFIG_MODINFO) += modinfo.o modutils.o
			
 
				 
			
--- a/modutils/modprobe-small.c
+++ b/modutils/modprobe-small.c
@@ -11,12 +11,15 @@
 
				 /* modprobe-small configs are defined in Config.src to ensure better
			
 
				  * "make config" order */
			
 
				 
			
 
				-//applet:IF_LSMOD(   IF_MODPROBE_SMALL(APPLET(lsmod,    BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				-//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				-//                                   APPLET_ODDNAME:name    main      location     suid_type     help
			
 
				-//applet:IF_DEPMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod)))
			
 
				-//applet:IF_INSMOD(IF_MODPROBE_SMALL(APPLET_ODDNAME(insmod, modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod)))
			
 
				-//applet:IF_RMMOD( IF_MODPROBE_SMALL(APPLET_ODDNAME(rmmod,  modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
			
 
				+//applet:IF_LSMOD(   IF_MODPROBE_SMALL(APPLET_NOEXEC( lsmod,    lsmod,    BB_DIR_SBIN, BB_SUID_DROP, lsmod   )))
			
 
				+//applet:IF_MODPROBE(IF_MODPROBE_SMALL(APPLET_NOEXEC( modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
			
 
				+//                                     APPLET_ODDNAME:name      main      location     suid_type     help
			
 
				+//applet:IF_DEPMOD(  IF_MODPROBE_SMALL(APPLET_ODDNAME(depmod,   modprobe, BB_DIR_SBIN, BB_SUID_DROP, depmod  )))
			
 
				+//applet:IF_INSMOD(  IF_MODPROBE_SMALL(APPLET_NOEXEC( insmod,   modprobe, BB_DIR_SBIN, BB_SUID_DROP, insmod  )))
			
 
				+//applet:IF_RMMOD(   IF_MODPROBE_SMALL(APPLET_NOEXEC( rmmod,    modprobe, BB_DIR_SBIN, BB_SUID_DROP, rmmod   )))
			
 
				+/* noexec speeds up boot with many modules loaded (need SH_STANDALONE=y) */
			
 
				+/* I measured about ~5 times faster insmod */
			
 
				+/* depmod is not noexec, it runs longer and benefits from memory trimming via exec */
			
 
				 
			
 
				 //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o
			
 
				 
			
--- a/modutils/modprobe.c
+++ b/modutils/modprobe.c
@@ -26,7 +26,7 @@
 
				 //config:	hardware autodetection scripts to load modules like evdev, frame
			
 
				 //config:	buffer drivers etc.
			
 
				 
			
 
				-//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET(modprobe, BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				+//applet:IF_MODPROBE(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(modprobe, modprobe, BB_DIR_SBIN, BB_SUID_DROP, modprobe)))
			
 
				 
			
 
				 //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
			
 
				 //kbuild:lib-$(CONFIG_MODPROBE) += modprobe.o modutils.o
			
--- a/modutils/rmmod.c
+++ b/modutils/rmmod.c
@@ -14,7 +14,7 @@
 
				 //config:	help
			
 
				 //config:	rmmod is used to unload specified modules from the kernel.
			
 
				 
			
 
				-//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET(rmmod, BB_DIR_SBIN, BB_SUID_DROP)))
			
 
				+//applet:IF_RMMOD(IF_NOT_MODPROBE_SMALL(APPLET_NOEXEC(rmmod, rmmod, BB_DIR_SBIN, BB_SUID_DROP, rmmod)))
			
 
				 
			
 
				 //kbuild:ifneq ($(CONFIG_MODPROBE_SMALL),y)
			
 
				 //kbuild:lib-$(CONFIG_RMMOD) += rmmod.o modutils.o