From b63afead4411c5832d427ed149683c85cc81a4c9 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 18 Sep 2017 15:45:13 +0200 Subject: [PATCH] ip,ip*: make them NOEXEC Signed-off-by: Denys Vlasenko --- NOFORK_NOEXEC.lst | 14 +++++++------- networking/ip.c | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index e787a346d..4e53d7204 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst @@ -187,16 +187,16 @@ insmod - noexec install - runner ionice - noexec. spawner iostat - longterm: "iostat 1" runs indefinitely -ip - noexec candidate -ipaddr - noexec candidate +ip - noexec +ipaddr - noexec ipcalc - noexec. ipcalc -h talks to network ipcrm - noexec ipcs - noexec -iplink - noexec candidate -ipneigh - noexec candidate -iproute - noexec candidate -iprule - noexec candidate -iptunnel - noexec candidate +iplink - noexec +ipneigh - noexec +iproute - noexec +iprule - noexec +iptunnel - noexec kbd_mode - noexec. leaks: xopen_nonblocking+xioctl kill - NOFORK killall - NOFORK diff --git a/networking/ip.c b/networking/ip.c index 8aaeef0db..0bc0edc57 100644 --- a/networking/ip.c +++ b/networking/ip.c @@ -126,13 +126,13 @@ //config: Ethernet, wireless, infrared, ppp/slip, ip tunnelling //config: link types are supported without this option selected. -//applet:IF_IP(APPLET(ip, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPADDR(APPLET(ipaddr, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPLINK(APPLET(iplink, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPROUTE(APPLET(iproute, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPRULE(APPLET(iprule, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPTUNNEL(APPLET(iptunnel, BB_DIR_SBIN, BB_SUID_DROP)) -//applet:IF_IPNEIGH(APPLET(ipneigh, BB_DIR_SBIN, BB_SUID_DROP)) +//applet:IF_IP( APPLET_NOEXEC(ip , ip , BB_DIR_SBIN, BB_SUID_DROP, ip )) +//applet:IF_IPADDR( APPLET_NOEXEC(ipaddr , ipaddr , BB_DIR_SBIN, BB_SUID_DROP, ipaddr )) +//applet:IF_IPLINK( APPLET_NOEXEC(iplink , iplink , BB_DIR_SBIN, BB_SUID_DROP, iplink )) +//applet:IF_IPROUTE( APPLET_NOEXEC(iproute , iproute , BB_DIR_SBIN, BB_SUID_DROP, iproute )) +//applet:IF_IPRULE( APPLET_NOEXEC(iprule , iprule , BB_DIR_SBIN, BB_SUID_DROP, iprule )) +//applet:IF_IPTUNNEL(APPLET_NOEXEC(iptunnel, iptunnel, BB_DIR_SBIN, BB_SUID_DROP, iptunnel)) +//applet:IF_IPNEIGH( APPLET_NOEXEC(ipneigh , ipneigh , BB_DIR_SBIN, BB_SUID_DROP, ipneigh )) //kbuild:lib-$(CONFIG_IP) += ip.o //kbuild:lib-$(CONFIG_IPADDR) += ip.o -- 2.25.1