This patch adds an experimental configuration option to allow the applet_execvpe function to treat all applets as if they were NOEXEC.
This is experimental, as noted in the configuration description. Signed-off-by: Nadav Tasher <tasherna...@gmail.com> --- Config.in | 12 ++++++++++++ libbb/executable.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Config.in b/Config.in index b1dfe98c1..b21940b04 100644 --- a/Config.in +++ b/Config.in @@ -320,6 +320,18 @@ config FEATURE_FORCE_APPLETS This feature extends the "exec prefers applets" feature. +config FEATURE_ALWAYS_NOEXEC + bool "all applets support NOEXEC (experimental)" + default n + depends on FEATURE_PREFER_APPLETS && !NOMMU + help + This is an experimental option which makes all applets support NOEXEC + invocation. + There are good reasons for why applets are not marked as NOEXEC, + but for some usecases these reasons do not apply. + + This feature extends the "exec prefers applets" feature. + config BUSYBOX_EXEC_PATH string "Path to busybox executable" default "/proc/self/exe" diff --git a/libbb/executable.c b/libbb/executable.c index dcd2613f0..d5a941a46 100644 --- a/libbb/executable.c +++ b/libbb/executable.c @@ -88,7 +88,7 @@ int FAST_FUNC applet_execve(const char *name, char *const argv[], char *const en * since vfork() requires the child to exec() or _exit() for the * parent to resume, running applets with NOEXEC and vfork() * may result in deadlocks, as exec() will never be called. */ - if (BB_MMU && APPLET_IS_NOEXEC(applet)) { + if (BB_MMU && (ENABLE_FEATURE_ALWAYS_NOEXEC || APPLET_IS_NOEXEC(applet))) { /* since run_noexec_applet_and_exit takes char **argv, * we need to copy argv to a new heap-allocated array. */ char **copied_argv = clone_string_array(argv); -- 2.43.0 _______________________________________________ busybox mailing list busybox@busybox.net https://lists.busybox.net/mailman/listinfo/busybox
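Review bot: in the changed condition in the libbb/executable.c hunk, ENABLE_FEATURE_ALWAYS_NOEXEC bypasses APPLET_IS_NOEXEC(applet) for every applet, yet the comment directly above still explains only the vfork() deadlock for applets that run as NOEXEC. Extend that comment to say that with the option set all applets take the run_noexec_applet_and_exit path with a copied argv and no exec(), and that the BB_MMU guard is kept on purpose to match the "depends on FEATURE_PREFER_APPLETS && !NOMMU" line in Config.in. Also, the commit message names applet_execvpe while the hunk header shows applet_execve; make the two agree.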