summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2017-09-18 15:45:13 +0200
committerDenys Vlasenko2017-09-18 15:45:13 +0200
commitb63afead4411c5832d427ed149683c85cc81a4c9 (patch)
treea137db4764d05f8b6726e23c0c74979e5de7b88f
parentc3e60e1e9a66b45794e04e9a0a39d1c012780930 (diff)
downloadbusybox-b63afead4411c5832d427ed149683c85cc81a4c9.zip
busybox-b63afead4411c5832d427ed149683c85cc81a4c9.tar.gz
ip,ip*: make them NOEXEC
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--NOFORK_NOEXEC.lst14
-rw-r--r--networking/ip.c14
2 files changed, 14 insertions, 14 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index e787a34..4e53d72 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -187,16 +187,16 @@ insmod - noexec
install - runner
ionice - noexec. spawner
iostat - longterm: "iostat 1" runs indefinitely
-ip - noexec candidate
-ipaddr - noexec candidate
+ip - noexec
+ipaddr - noexec
ipcalc - noexec. ipcalc -h talks to network
ipcrm - noexec
ipcs - noexec
-iplink - noexec candidate
-ipneigh - noexec candidate
-iproute - noexec candidate
-iprule - noexec candidate
-iptunnel - noexec candidate
+iplink - noexec
+ipneigh - noexec
+iproute - noexec
+iprule - noexec
+iptunnel - noexec
kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
kill - NOFORK
killall - NOFORK
diff --git a/networking/ip.c b/networking/ip.c
index 8aaeef0..0bc0edc 100644
--- a/networking/ip.c
+++ b/networking/ip.c
@@ -126,13 +126,13 @@
//config: Ethernet, wireless, infrared, ppp/slip, ip tunnelling
//config: link types are supported without this option selected.
-//applet:IF_IP(APPLET(ip, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPADDR(APPLET(ipaddr, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPLINK(APPLET(iplink, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPROUTE(APPLET(iproute, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPRULE(APPLET(iprule, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPTUNNEL(APPLET(iptunnel, BB_DIR_SBIN, BB_SUID_DROP))
-//applet:IF_IPNEIGH(APPLET(ipneigh, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_IP( APPLET_NOEXEC(ip , ip , BB_DIR_SBIN, BB_SUID_DROP, ip ))
+//applet:IF_IPADDR( APPLET_NOEXEC(ipaddr , ipaddr , BB_DIR_SBIN, BB_SUID_DROP, ipaddr ))
+//applet:IF_IPLINK( APPLET_NOEXEC(iplink , iplink , BB_DIR_SBIN, BB_SUID_DROP, iplink ))
+//applet:IF_IPROUTE( APPLET_NOEXEC(iproute , iproute , BB_DIR_SBIN, BB_SUID_DROP, iproute ))
+//applet:IF_IPRULE( APPLET_NOEXEC(iprule , iprule , BB_DIR_SBIN, BB_SUID_DROP, iprule ))
+//applet:IF_IPTUNNEL(APPLET_NOEXEC(iptunnel, iptunnel, BB_DIR_SBIN, BB_SUID_DROP, iptunnel))
+//applet:IF_IPNEIGH( APPLET_NOEXEC(ipneigh , ipneigh , BB_DIR_SBIN, BB_SUID_DROP, ipneigh ))
//kbuild:lib-$(CONFIG_IP) += ip.o
//kbuild:lib-$(CONFIG_IPADDR) += ip.o