version 1.1.1.4, 2013/10/14 07:56:35
|
version 1.1.1.5, 2014/06/15 16:12:55
|
Line 65 disable_execute(char *const envp[])
|
Line 65 disable_execute(char *const envp[])
|
|
|
#ifdef HAVE_PRIV_SET |
#ifdef HAVE_PRIV_SET |
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ |
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ |
|
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_READ", NULL); |
|
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_WRITE", NULL); |
|
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_SEARCH", NULL); |
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) |
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) |
debug_return_ptr(envp); | debug_return_const_ptr(envp); |
warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); | warning(U_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); |
#endif /* HAVE_PRIV_SET */ |
#endif /* HAVE_PRIV_SET */ |
|
|
#ifdef _PATH_SUDO_NOEXEC |
#ifdef _PATH_SUDO_NOEXEC |
Line 127 disable_execute(char *const envp[])
|
Line 130 disable_execute(char *const envp[])
|
envp = nenvp; |
envp = nenvp; |
#endif /* _PATH_SUDO_NOEXEC */ |
#endif /* _PATH_SUDO_NOEXEC */ |
|
|
debug_return_ptr(envp); | debug_return_const_ptr(envp); |
} |
} |
|
|
/* |
/* |
Line 135 disable_execute(char *const envp[])
|
Line 138 disable_execute(char *const envp[])
|
* ala execvp(3) if we get ENOEXEC. |
* ala execvp(3) if we get ENOEXEC. |
*/ |
*/ |
int |
int |
sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec) | sudo_execve(const char *path, char *const argv[], char *const envp[], bool noexec) |
{ |
{ |
/* Modify the environment as needed to disable further execve(). */ |
/* Modify the environment as needed to disable further execve(). */ |
if (noexec) |
if (noexec) |
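Review bot: The three added `priv_set(PRIV_ON, PRIV_INHERITABLE, ...)` calls in the `HAVE_PRIV_SET` block of `disable_execute()` put the file DAC read, write and search privileges into the inheritable set with no comment saying why a noexec command needs them, and their results are discarded with `(void)`. These privileges bypass file permission checks, so the block should carry a comment stating the reason and which credentials the process is expected to hold at this point; neither can be determined from the lines shown. The additions also stay in place when the following `priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL)` fails and the code falls through to the warning and, presumably, the `_PATH_SUDO_NOEXEC` fallback. I would either undo them on that path with matching `PRIV_OFF` calls or document that leaving them set is intended. The body of `disable_execute()` between the two hunks is not shown.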