ip,ip*: make them NOEXEC

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-09-18 15:45:13 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-09-18 15:45:13 +0200
commit: b63afead4411c5832d427ed149683c85cc81a4c9 (patch)
tree: a137db4764d05f8b6726e23c0c74979e5de7b88f
parent: c3e60e1e9a66b45794e04e9a0a39d1c012780930 (diff)
download: busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.tar.gz
busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.tar.bz2
busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.zip
2 files changed, 14 insertions, 14 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index e787a346d..4e53d7204 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -187,16 +187,16 @@ insmod - noexec
 install - runner
 ionice - noexec. spawner
 iostat - longterm: "iostat 1" runs indefinitely
-ip - noexec candidate
+ip - noexec
-ipaddr - noexec candidate
+ipaddr - noexec
 ipcalc - noexec. ipcalc -h talks to network
 ipcrm - noexec
 ipcs - noexec
-iplink - noexec candidate
+iplink - noexec
-ipneigh - noexec candidate
+ipneigh - noexec
-iproute - noexec candidate
+iproute - noexec
-iprule - noexec candidate
+iprule - noexec
-iptunnel - noexec candidate
+iptunnel - noexec
 kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
 kill - NOFORK
 killall - NOFORK
diff --git a/networking/ip.c b/networking/ip.c
index 8aaeef0db..0bc0edc57 100644
--- a/networking/ip.c
+++ b/networking/ip.c
@@ -126,13 +126,13 @@
 //config:       Ethernet, wireless, infrared, ppp/slip, ip tunnelling
 //config:       link types are supported without this option selected.
-//applet:IF_IP(APPLET(ip, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IP(      APPLET_NOEXEC(ip      , ip      , BB_DIR_SBIN, BB_SUID_DROP, ip      ))
-//applet:IF_IPADDR(APPLET(ipaddr, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPADDR(  APPLET_NOEXEC(ipaddr  , ipaddr  , BB_DIR_SBIN, BB_SUID_DROP, ipaddr  ))
-//applet:IF_IPLINK(APPLET(iplink, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPLINK(  APPLET_NOEXEC(iplink  , iplink  , BB_DIR_SBIN, BB_SUID_DROP, iplink  ))
-//applet:IF_IPROUTE(APPLET(iproute, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPROUTE( APPLET_NOEXEC(iproute , iproute , BB_DIR_SBIN, BB_SUID_DROP, iproute ))
-//applet:IF_IPRULE(APPLET(iprule, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPRULE(  APPLET_NOEXEC(iprule  , iprule  , BB_DIR_SBIN, BB_SUID_DROP, iprule  ))
-//applet:IF_IPTUNNEL(APPLET(iptunnel, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPTUNNEL(APPLET_NOEXEC(iptunnel, iptunnel, BB_DIR_SBIN, BB_SUID_DROP, iptunnel))
-//applet:IF_IPNEIGH(APPLET(ipneigh, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IPNEIGH( APPLET_NOEXEC(ipneigh , ipneigh , BB_DIR_SBIN, BB_SUID_DROP, ipneigh ))
 //kbuild:lib-$(CONFIG_IP) += ip.o
 //kbuild:lib-$(CONFIG_IPADDR) += ip.o
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-09-18 15:45:13 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-09-18 15:45:13 +0200
commit	b63afead4411c5832d427ed149683c85cc81a4c9 (patch)
tree	a137db4764d05f8b6726e23c0c74979e5de7b88f
parent	c3e60e1e9a66b45794e04e9a0a39d1c012780930 (diff)
download	busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.tar.gz busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.tar.bz2 busybox-w32-b63afead4411c5832d427ed149683c85cc81a4c9.zip

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index e787a346d..4e53d7204 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst
@@ -187,16 +187,16 @@ insmod - noexec
187	install - runner	187	install - runner
188	ionice - noexec. spawner	188	ionice - noexec. spawner
189	iostat - longterm: "iostat 1" runs indefinitely	189	iostat - longterm: "iostat 1" runs indefinitely
190	ip - noexec candidate	190	ip - noexec
191	ipaddr - noexec candidate	191	ipaddr - noexec
192	ipcalc - noexec. ipcalc -h talks to network	192	ipcalc - noexec. ipcalc -h talks to network
193	ipcrm - noexec	193	ipcrm - noexec
194	ipcs - noexec	194	ipcs - noexec
195	iplink - noexec candidate	195	iplink - noexec
196	ipneigh - noexec candidate	196	ipneigh - noexec
197	iproute - noexec candidate	197	iproute - noexec
198	iprule - noexec candidate	198	iprule - noexec
199	iptunnel - noexec candidate	199	iptunnel - noexec
200	kbd_mode - noexec. leaks: xopen_nonblocking+xioctl	200	kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
201	kill - NOFORK	201	kill - NOFORK
202	killall - NOFORK	202	killall - NOFORK


diff --git a/networking/ip.c b/networking/ip.c index 8aaeef0db..0bc0edc57 100644 --- a/networking/ip.c +++ b/networking/ip.c
@@ -126,13 +126,13 @@
126	//config: Ethernet, wireless, infrared, ppp/slip, ip tunnelling	126	//config: Ethernet, wireless, infrared, ppp/slip, ip tunnelling
127	//config: link types are supported without this option selected.	127	//config: link types are supported without this option selected.
128		128
129	//applet:IF_IP(APPLET(ip, BB_DIR_SBIN, BB_SUID_DROP))	129	//applet:IF_IP( APPLET_NOEXEC(ip , ip , BB_DIR_SBIN, BB_SUID_DROP, ip ))
130	//applet:IF_IPADDR(APPLET(ipaddr, BB_DIR_SBIN, BB_SUID_DROP))	130	//applet:IF_IPADDR( APPLET_NOEXEC(ipaddr , ipaddr , BB_DIR_SBIN, BB_SUID_DROP, ipaddr ))
131	//applet:IF_IPLINK(APPLET(iplink, BB_DIR_SBIN, BB_SUID_DROP))	131	//applet:IF_IPLINK( APPLET_NOEXEC(iplink , iplink , BB_DIR_SBIN, BB_SUID_DROP, iplink ))
132	//applet:IF_IPROUTE(APPLET(iproute, BB_DIR_SBIN, BB_SUID_DROP))	132	//applet:IF_IPROUTE( APPLET_NOEXEC(iproute , iproute , BB_DIR_SBIN, BB_SUID_DROP, iproute ))
133	//applet:IF_IPRULE(APPLET(iprule, BB_DIR_SBIN, BB_SUID_DROP))	133	//applet:IF_IPRULE( APPLET_NOEXEC(iprule , iprule , BB_DIR_SBIN, BB_SUID_DROP, iprule ))
134	//applet:IF_IPTUNNEL(APPLET(iptunnel, BB_DIR_SBIN, BB_SUID_DROP))	134	//applet:IF_IPTUNNEL(APPLET_NOEXEC(iptunnel, iptunnel, BB_DIR_SBIN, BB_SUID_DROP, iptunnel))
135	//applet:IF_IPNEIGH(APPLET(ipneigh, BB_DIR_SBIN, BB_SUID_DROP))	135	//applet:IF_IPNEIGH( APPLET_NOEXEC(ipneigh , ipneigh , BB_DIR_SBIN, BB_SUID_DROP, ipneigh ))
136		136
137	//kbuild:lib-$(CONFIG_IP) += ip.o	137	//kbuild:lib-$(CONFIG_IP) += ip.o
138	//kbuild:lib-$(CONFIG_IPADDR) += ip.o	138	//kbuild:lib-$(CONFIG_IPADDR) += ip.o