From caf26b36f3c11f6b5c8f8ab2bf829d14e4e6980e Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sat, 5 Aug 2017 18:23:10 +0200 Subject: sysctl: make it NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 2 +- procps/sysctl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 1bb571b9c..78d06f3f5 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -341,7 +341,7 @@ swapoff - rare swapon - rare switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode sync - NOFORK -sysctl - noexec candidate, leaks: xstrdup+xmalloc_read +sysctl - noexec. leaks: xstrdup+xmalloc_read syslogd - daemon tac - noexec. runner tail - runner diff --git a/procps/sysctl.c b/procps/sysctl.c index a42a91247..827e09cce 100644 --- a/procps/sysctl.c +++ b/procps/sysctl.c @@ -16,7 +16,7 @@ //config: help //config: Configure kernel parameters at runtime. -//applet:IF_BB_SYSCTL(APPLET(sysctl, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_BB_SYSCTL(APPLET_NOEXEC(sysctl, sysctl, BB_DIR_SBIN, BB_SUID_DROP, sysctl)) //kbuild:lib-$(CONFIG_BB_SYSCTL) += sysctl.o -- cgit v1.2.3