diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-09-18 15:45:13 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-09-18 15:45:13 +0200 |
| commit | b63afead4411c5832d427ed149683c85cc81a4c9 (patch) | |
| tree | a137db4764d05f8b6726e23c0c74979e5de7b88f | |
| parent | c3e60e1e9a66b45794e04e9a0a39d1c012780930 (diff) | |
| download | busybox-b63afead4411c5832d427ed149683c85cc81a4c9.tar.gz | |
ip,ip*: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | NOFORK_NOEXEC.lst | 14 | ||||
| -rw-r--r-- | networking/ip.c | 14 |
2 files changed, 14 insertions, 14 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index e787a346d..4e53d7204 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -187,16 +187,16 @@ insmod - noexec install - runner ionice - noexec. spawner iostat - longterm: "iostat 1" runs indefinitely -ip - noexec candidate -ipaddr - noexec candidate +ip - noexec +ipaddr - noexec ipcalc - noexec. ipcalc -h talks to network ipcrm - noexec ipcs - noexec -iplink - noexec candidate -ipneigh - noexec candidate -iproute - noexec candidate -iprule - noexec candidate -iptunnel - noexec candidate +iplink - noexec +ipneigh - noexec +iproute - noexec +iprule - noexec +iptunnel - noexec kbd_mode - noexec. leaks: xopen_nonblocking+xioctl kill - NOFORK killall - NOFORK diff --git a/networking/ip.c b/networking/ip.c index 8aaeef0db..0bc0edc57 100644 --- a/networking/ip.c +++ b/networking/ip.c @@ -126,13 +126,13 @@ //config: Ethernet, wireless, infrared, ppp/slip, ip tunnelling //config: link types are supported without this option selected. -//applet:IF_IP(APPLET(ip, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPADDR(APPLET(ipaddr, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPLINK(APPLET(iplink, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPROUTE(APPLET(iproute, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPRULE(APPLET(iprule, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPTUNNEL(APPLET(iptunnel, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPNEIGH(APPLET(ipneigh, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_IP( APPLET_NOEXEC(ip , ip , BB_DIR_SBIN, BB_SUID_DROP, ip )) +//applet:IF_IPADDR( APPLET_NOEXEC(ipaddr , ipaddr , BB_DIR_SBIN, BB_SUID_DROP, ipaddr )) +//applet:IF_IPLINK( APPLET_NOEXEC(iplink , iplink , BB_DIR_SBIN, BB_SUID_DROP, iplink )) +//applet:IF_IPROUTE( APPLET_NOEXEC(iproute , iproute , BB_DIR_SBIN, BB_SUID_DROP, iproute )) +//applet:IF_IPRULE( APPLET_NOEXEC(iprule , iprule , BB_DIR_SBIN, BB_SUID_DROP, iprule )) +//applet:IF_IPTUNNEL(APPLET_NOEXEC(iptunnel, iptunnel, BB_DIR_SBIN, BB_SUID_DROP, iptunnel)) +//applet:IF_IPNEIGH( APPLET_NOEXEC(ipneigh , ipneigh , BB_DIR_SBIN, BB_SUID_DROP, ipneigh )) //kbuild:lib-$(CONFIG_IP) += ip.o //kbuild:lib-$(CONFIG_IPADDR) += ip.o |