This patch adds an experimental configuration option to allow the BB_EXECVPE function to treat all applets as if they were NOEXEC.
This is experimental, as noted in the configuration description. Signed-off-by: Nadav Tasher <tasherna...@gmail.com> --- Config.in | 12 ++++++++++++ libbb/executable.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Config.in b/Config.in index 9d40431ee..96c220772 100644 --- a/Config.in +++ b/Config.in @@ -321,6 +321,18 @@ config FEATURE_FORCE_APPLETS This feature extends the "exec prefers applets" feature. +config FEATURE_ALWAYS_NOEXEC + bool "all applets support NOEXEC (experimental)" + default n + depends on FEATURE_PREFER_APPLETS + help + This is an experimental option which makes all applets support NOEXEC + invocation. + There are good reasons for why applets are not marked as NOEXEC, + but for some usecases these reasons do not apply. + + This feature extends the "exec prefers applets" feature. + config BUSYBOX_EXEC_PATH string "Path to busybox executable" default "/proc/self/exe" diff --git a/libbb/executable.c b/libbb/executable.c index eec2ef42d..676f01dfc 100644 --- a/libbb/executable.c +++ b/libbb/executable.c @@ -84,7 +84,7 @@ int FAST_FUNC BB_APPLET_EXECVE(const char *name, char *const argv[], char *const #if ENABLE_FEATURE_PREFER_APPLETS int applet = find_applet_by_name(name); if (applet >= 0) { - if (APPLET_IS_NOEXEC(applet)) { + if (ENABLE_FEATURE_ALWAYS_NOEXEC || APPLET_IS_NOEXEC(applet)) { /* since run_noexec_applet_and_exit takes char **argv, * we need to copy argv to a new heap-allocated array. */ char **copied_argv, *const *temporary_argv; -- 2.43.0 _______________________________________________ busybox mailing list busybox@busybox.net https://lists.busybox.net/mailman/listinfo/busybox
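Review bot: The help text of FEATURE_ALWAYS_NOEXEC in Config.in says "There are good reasons for why applets are not marked as NOEXEC" but never names them, so someone enabling the option cannot tell whether theirs is a use case where "these reasons do not apply". Suggest stating in the help what an applet has to tolerate when it is invoked through the NOEXEC path and which use cases the option is intended for. Also, "usecases" should read "use cases".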
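Review bot: In the libbb/executable.c hunk, the new condition "ENABLE_FEATURE_ALWAYS_NOEXEC || APPLET_IS_NOEXEC(applet)" bypasses the per-applet NOEXEC flag for every applet that find_applet_by_name() returns, so applets that were never marked NOEXEC also take the run_noexec_applet_and_exit path. Suggest a comment at the condition saying this is deliberate and pointing to the Config.in help text. The commit message names BB_EXECVPE while the hunk header shows the change is in BB_APPLET_EXECVE, so please state which callers are affected.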