[git commit] tunctl: make it NOEXEC

Denys Vlasenko vda.linux at googlemail.com
Sun Aug 6 10:28:00 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=9a58cc0f7fbdf967c159588e0de5f3a8dfd87db5
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 NOFORK_NOEXEC.lst   | 4 ++--
 networking/tunctl.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index c605302..45b178c 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -182,7 +182,7 @@ ipneigh - noexec candidate
 iproute - noexec candidate
 iprule - noexec candidate
 iptunnel - noexec candidate
-kbd_mode - leaks: xopen_nonblocking+xioctl
+kbd_mode - noexec. leaks: xopen_nonblocking+xioctl
 kill - NOFORK
 killall - NOFORK
 killall5 - NOFORK
@@ -365,7 +365,7 @@ true - NOFORK
 truncate - NOFORK
 tty - NOFORK
 ttysize - NOFORK
-tunctl
+tunctl - noexec
 tune2fs - noexec. leaks: open+xfunc
 ubiattach
 ubidetach
diff --git a/networking/tunctl.c b/networking/tunctl.c
index 0a26ff7..4c32200 100644
--- a/networking/tunctl.c
+++ b/networking/tunctl.c
@@ -24,7 +24,7 @@
 //config:	Allow to specify owner and group of newly created interface.
 //config:	340 bytes of pure bloat. Say no here.
 
-//applet:IF_TUNCTL(APPLET(tunctl, BB_DIR_SBIN, BB_SUID_DROP))
+//applet:IF_TUNCTL(APPLET_NOEXEC(tunctl, tunctl, BB_DIR_SBIN, BB_SUID_DROP, tunctl))
 
 //kbuild:lib-$(CONFIG_TUNCTL) += tunctl.o
 
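Review bot: The new `//applet:` line switches to `APPLET_NOEXEC` while keeping `BB_SUID_DROP`, but nothing in the hunk or the commit message records why running tunctl without a re-exec is safe. A NOEXEC applet runs in a process forked from the caller instead of a fresh image, so it inherits that process's descriptors, signal state and credentials; the suid-drop path is not visible here, so it is worth confirming that it still runs before the applet's main function in that mode. The applet body is outside this hunk, so the comment I would add above the applet line is tentative, something like `/* NOEXEC: one-shot applet, cleanup relies on process exit; see NOFORK_NOEXEC.lst */`. If the body does leave a descriptor open or exits through xfuncs, the `tunctl - noexec` entry in NOFORK_NOEXEC.lst should say so, as the kbd_mode and tune2fs entries do.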

