sysctl: make it NOEXEC

author Denys Vlasenko <vda.linux@googlemail.com>

Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)

committer Denys Vlasenko <vda.linux@googlemail.com>

Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)
author Denys Vlasenko <vda.linux@googlemail.com>
Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)
committer Denys Vlasenko <vda.linux@googlemail.com>
Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst

index 1bb571b9cd25856cd0b2af1e3de593eb43714879..78d06f3f51bc6840acd8457ac49021d51de6d732 100644 (file)
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -341,7 +341,7 @@ swapoff - rare
  swapon - rare
  switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
  sync - NOFORK
-sysctl - noexec candidate, leaks: xstrdup+xmalloc_read
+sysctl - noexec. leaks: xstrdup+xmalloc_read
  syslogd - daemon
  tac - noexec. runner
  tail - runner
diff --git a/procps/sysctl.c b/procps/sysctl.c

index a42a91247b8b0ee8f84e1ce3225068fc42d684b5..827e09cce092880d163cc1c0c706f3115a229b57 100644 (file)
--- a/procps/sysctl.c
+++ b/procps/sysctl.c
@@ -16,7 +16,7 @@
  //config:      help
  //config:      Configure kernel parameters at runtime.
  
-//applet:IF_BB_SYSCTL(APPLET(sysctl, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_BB_SYSCTL(APPLET_NOEXEC(sysctl, sysctl, BB_DIR_SBIN, BB_SUID_DROP, sysctl))
  
  //kbuild:lib-$(CONFIG_BB_SYSCTL) += sysctl.o
author	Denys Vlasenko <vda.linux@googlemail.com>
	Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Sat, 5 Aug 2017 16:23:10 +0000 (18:23 +0200)
NOFORK_NOEXEC.lst		patch \| blob \| history
procps/sysctl.c		patch \| blob \| history