This patch adds an experimental configuration option to allow the applet_execvpe function to treat all applets as if they were NOEXEC.
This is experimental, as noted in the configuration description. Signed-off-by: Nadav Tasher <[email protected]> --- Config.in | 12 ++++++++++++ libbb/executable.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Config.in b/Config.in index b1dfe98c1..7c5ebc39e 100644 --- a/Config.in +++ b/Config.in @@ -320,6 +320,18 @@ config FEATURE_FORCE_APPLETS This feature extends the "exec prefers applets" feature. +config FEATURE_ALWAYS_NOEXEC + bool "all applets support NOEXEC (experimental)" + default n + depends on FEATURE_PREFER_APPLETS + help + This is an experimental option which makes all applets support NOEXEC + invocation. + There are good reasons for why applets are not marked as NOEXEC, + but for some usecases these reasons do not apply. + + This feature extends the "exec prefers applets" feature. + config BUSYBOX_EXEC_PATH string "Path to busybox executable" default "/proc/self/exe" diff --git a/libbb/executable.c b/libbb/executable.c index 6092b37fa..4735593a5 100644 --- a/libbb/executable.c +++ b/libbb/executable.c @@ -84,7 +84,7 @@ int FAST_FUNC applet_execve(const char *name, char *const argv[], char *const en #if ENABLE_FEATURE_PREFER_APPLETS int applet = find_applet_by_name(name); if (applet >= 0) { - if (APPLET_IS_NOEXEC(applet)) { + if (ENABLE_FEATURE_ALWAYS_NOEXEC || APPLET_IS_NOEXEC(applet)) { /* since run_noexec_applet_and_exit takes char **argv, * we need to copy argv to a new heap-allocated array. */ char **copied_argv, *const *temporary_argv; -- 2.43.0 _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
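Review bot: In the Config.in hunk, the help text for FEATURE_ALWAYS_NOEXEC says "There are good reasons for why applets are not marked as NOEXEC, but for some usecases these reasons do not apply" without naming any of those reasons, so someone configuring a build cannot judge whether their use case is one of the exceptions. State the main consequences of invoking, without exec, an applet that is not marked NOEXEC, and say which use cases the option is meant for. Minor points: "usecases" should be "use cases", and the closing sentence "This feature extends the "exec prefers applets" feature." duplicates the last line of the FEATURE_FORCE_APPLETS help shown just above, while "depends on FEATURE_PREFER_APPLETS" already expresses that relationship.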
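Review bot: The changed condition in applet_execve() is the only place the new option is consulted (the diffstat shows a single modified line in libbb/executable.c), so any other code that tests APPLET_IS_NOEXEC(applet) directly still sees the per-applet flag, which does not match the "all applets support NOEXEC" prompt in Config.in. Either fold ENABLE_FEATURE_ALWAYS_NOEXEC into the APPLET_IS_NOEXEC macro so every user of the macro agrees, or say in the help text that only this exec path is affected. Also, the description names applet_execvpe while the hunk header shows the change is inside applet_execve; the commit message should name the function that is actually modified.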
