tunctl: make it NOEXEC

author Denys Vlasenko <vda.linux@googlemail.com>

Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)

committer Denys Vlasenko <vda.linux@googlemail.com>

Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)
author Denys Vlasenko <vda.linux@googlemail.com>
Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)
committer Denys Vlasenko <vda.linux@googlemail.com>
Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst

index c605302d9d09862c57b2bc79e9e06aa829903aa7..45b178ca8db67a86e0284d861911b78c75ed9596 100644 (file)
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -182,7 +182,7 @@ ipneigh - noexec candidate
  iproute - noexec candidate
  iprule - noexec candidate
  iptunnel - noexec candidate
-kbd_mode - leaks: xopen_nonblocking+xioctl
+kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
  kill - NOFORK
  killall - NOFORK
  killall5 - NOFORK
@@ -365,7 +365,7 @@ true - NOFORK
  truncate - NOFORK
  tty - NOFORK
  ttysize - NOFORK
-tunctl
+tunctl - noexec
  tune2fs - noexec. leaks: open+xfunc
  ubiattach
  ubidetach
diff --git a/networking/tunctl.c b/networking/tunctl.c

index 0a26ff7fb3fde93966f64e22691e91395a32234a..4c3220025ce81d51126b464aed108b8f37310121 100644 (file)
--- a/networking/tunctl.c
+++ b/networking/tunctl.c
@@ -24,7 +24,7 @@
  //config:      Allow to specify owner and group of newly created interface.
  //config:      340 bytes of pure bloat. Say no here.
  
-//applet:IF_TUNCTL(APPLET(tunctl, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_TUNCTL(APPLET_NOEXEC(tunctl, tunctl, BB_DIR_SBIN, BB_SUID_DROP, tunctl))
  
  //kbuild:lib-$(CONFIG_TUNCTL) += tunctl.o
author	Denys Vlasenko <vda.linux@googlemail.com>
	Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Sun, 6 Aug 2017 10:28:00 +0000 (12:28 +0200)
NOFORK_NOEXEC.lst		patch \| blob \| history
networking/tunctl.c		patch \| blob \| history