aboutsummaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorGravatar Denys Vlasenko <vda.linux@googlemail.com>2017-08-04 19:55:01 +0200
committerGravatar Denys Vlasenko <vda.linux@googlemail.com>2017-08-04 19:55:01 +0200
commit5c527dc57e74c1b60c910dc1a3f3ec9683fca43d (patch)
tree03bbbda1f4869c079f381bea45c1cdbf6fcd35a7 /loginutils
parent6514785f95878911b3ec88e2367234df74c14cd4 (diff)
downloadbusybox-5c527dc57e74c1b60c910dc1a3f3ec9683fca43d.tar.gz
busybox-5c527dc57e74c1b60c910dc1a3f3ec9683fca43d.tar.bz2
make 17 state-changing execing applets (ex: "nice PROG ARGS") noexec
The applets with "<applet> [opts] PROG ARGS" API very quickly exec another program, noexec is okay for them: chpst/envdir/envuidgid/softlimit/setuidgid chroot chrt ionice nice nohup setarch/linux32/linux64 taskset cttyhack "reset" and "sulogin" applets don't have this form, but also exec another program at once, thus made noexec too. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/sulogin.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index d5a463cac..27ea5dff0 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -12,7 +12,7 @@
//config: sulogin is invoked when the system goes into single user
//config: mode (this is done through an entry in inittab).
-//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_SULOGIN(APPLET_NOEXEC(sulogin, sulogin, BB_DIR_SBIN, BB_SUID_DROP, sulogin))
//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o
@@ -34,7 +34,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
/* Note: sulogin is not a suid app. It is meant to be run by init
* for single user / emergency mode. init starts it as root.
- * Normal users (potentially malisious ones) can only run it under
+ * Normal users (potentially malicious ones) can only run it under
* their UID, therefore no paranoia here is warranted:
* $LD_LIBRARY_PATH in env, TTY = /dev/sda
* are no more dangerous here than in e.g. cp applet.