diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-06 14:15:24 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-06 14:15:24 +0200 |
| commit | a759b22c29fed7d6c77efe0c3e27772371d0889b (patch) | |
| tree | 6509a7f14e35cbdf837f8e3f665fa091b3759921 | |
| parent | fbecca1bed1b6daf10341304af2156baabc7af57 (diff) | |
| download | busybox-w32-a759b22c29fed7d6c77efe0c3e27772371d0889b.tar.gz busybox-w32-a759b22c29fed7d6c77efe0c3e27772371d0889b.tar.bz2 busybox-w32-a759b22c29fed7d6c77efe0c3e27772371d0889b.zip | |
nameif: make it NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | NOFORK_NOEXEC.lst | 4 | ||||
| -rw-r--r-- | networking/nameif.c | 2 | ||||
| -rw-r--r-- | procps/mpstat.c | 1 |
3 files changed, 4 insertions, 3 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 45b178ca8..9b33afc32 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst | |||
| @@ -237,10 +237,10 @@ modprobe - noexec | |||
| 237 | more - interactive, longterm | 237 | more - interactive, longterm |
| 238 | mount - suid | 238 | mount - suid |
| 239 | mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup | 239 | mountpoint - noexec. leaks: option -n "print dev name": find_block_device -> readdir+xstrdup |
| 240 | mpstat - noexec candidate (it's a measuring tool, putting less load by itself is good), complex | 240 | mpstat - longterm: "mpstat 1" runs indefinitely |
| 241 | mt - rare | 241 | mt - rare |
| 242 | mv - noexec candidate, runner | 242 | mv - noexec candidate, runner |
| 243 | nameif - leaks: config_open2+ioctl_or_perror_and_die | 243 | nameif - noexec. openlog(), leaks: config_open2+ioctl_or_perror_and_die |
| 244 | nbd-client | 244 | nbd-client |
| 245 | nc - runner | 245 | nc - runner |
| 246 | netstat - runner with -c | 246 | netstat - runner with -c |
diff --git a/networking/nameif.c b/networking/nameif.c index 31ee98a39..1f2695495 100644 --- a/networking/nameif.c +++ b/networking/nameif.c | |||
| @@ -40,7 +40,7 @@ | |||
| 40 | //config: new_interface_name mac=00:80:C8:38:91:B5 | 40 | //config: new_interface_name mac=00:80:C8:38:91:B5 |
| 41 | //config: new_interface_name 00:80:C8:38:91:B5 | 41 | //config: new_interface_name 00:80:C8:38:91:B5 |
| 42 | 42 | ||
| 43 | //applet:IF_NAMEIF(APPLET(nameif, BB_DIR_SBIN, BB_SUID_DROP)) | 43 | //applet:IF_NAMEIF(APPLET_NOEXEC(nameif, nameif, BB_DIR_SBIN, BB_SUID_DROP, nameif)) |
| 44 | 44 | ||
| 45 | //kbuild:lib-$(CONFIG_NAMEIF) += nameif.o | 45 | //kbuild:lib-$(CONFIG_NAMEIF) += nameif.o |
| 46 | 46 | ||
diff --git a/procps/mpstat.c b/procps/mpstat.c index 1eabd8e38..acaff4dc0 100644 --- a/procps/mpstat.c +++ b/procps/mpstat.c | |||
| @@ -8,6 +8,7 @@ | |||
| 8 | */ | 8 | */ |
| 9 | 9 | ||
| 10 | //applet:IF_MPSTAT(APPLET(mpstat, BB_DIR_BIN, BB_SUID_DROP)) | 10 | //applet:IF_MPSTAT(APPLET(mpstat, BB_DIR_BIN, BB_SUID_DROP)) |
| 11 | /* shouldn't be noexec: "mpstat INTERVAL" runs indefinitely */ | ||
| 11 | 12 | ||
| 12 | //kbuild:lib-$(CONFIG_MPSTAT) += mpstat.o | 13 | //kbuild:lib-$(CONFIG_MPSTAT) += mpstat.o |
| 13 | 14 | ||