[git commit] sysctl: make it NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Sat Aug 5 16:23:10 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=caf26b36f3c11f6b5c8f8ab2bf829d14e4e6980e
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst | 2 +-
 procps/sysctl.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 1bb571b..78d06f3 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -341,7 +341,7 @@ swapoff - rare
 swapon - rare
 switch_root - spawner, rare, changes state (oh yes), execing may be important to free binary's inode
 sync - NOFORK
-sysctl - noexec candidate, leaks: xstrdup+xmalloc_read
+sysctl - noexec. leaks: xstrdup+xmalloc_read
 syslogd - daemon
 tac - noexec. runner
 tail - runner
diff --git a/procps/sysctl.c b/procps/sysctl.c
index a42a912..827e09c 100644
--- a/procps/sysctl.c
+++ b/procps/sysctl.c
@@ -16,7 +16,7 @@
 //config:	help
 //config:	Configure kernel parameters at runtime.
 
-//applet:IF_BB_SYSCTL(APPLET(sysctl, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_BB_SYSCTL(APPLET_NOEXEC(sysctl, sysctl, BB_DIR_SBIN, BB_SUID_DROP, sysctl))
 
 //kbuild:lib-$(CONFIG_BB_SYSCTL) += sysctl.o
 


More information about the busybox-cvs mailing list