|
version 1.1.1.2, 2012/10/09 09:29:52
|
version 1.1.1.5, 2014/06/15 16:12:55
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
|
Line 17
|
Line 17
|
| #include <config.h> |
#include <config.h> |
| |
|
| #include <sys/types.h> |
#include <sys/types.h> |
| #include <sys/param.h> |
|
| #include <stdio.h> |
#include <stdio.h> |
| #ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
| # include <stdlib.h> |
# include <stdlib.h> |
|
Line 40
|
Line 39
|
| # include <priv.h> |
# include <priv.h> |
| #endif |
#endif |
| #include <errno.h> |
#include <errno.h> |
| |
#include <fcntl.h> |
| #include <signal.h> |
#include <signal.h> |
| |
|
| #include "sudo.h" |
#include "sudo.h" |
|
Line 65 disable_execute(char *const envp[])
|
Line 65 disable_execute(char *const envp[])
|
| |
|
| #ifdef HAVE_PRIV_SET |
#ifdef HAVE_PRIV_SET |
| /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ |
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ |
| |
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_READ", NULL); |
| |
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_WRITE", NULL); |
| |
(void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_SEARCH", NULL); |
| if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) |
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) |
| debug_return_ptr(envp); | debug_return_const_ptr(envp); |
| warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); | warning(U_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); |
| #endif /* HAVE_PRIV_SET */ |
#endif /* HAVE_PRIV_SET */ |
| |
|
| #ifdef _PATH_SUDO_NOEXEC |
#ifdef _PATH_SUDO_NOEXEC |
|
Line 109 disable_execute(char *const envp[])
|
Line 112 disable_execute(char *const envp[])
|
| preload = fmt_string(RTLD_PRELOAD_VAR, sudo_conf_noexec_path()); |
preload = fmt_string(RTLD_PRELOAD_VAR, sudo_conf_noexec_path()); |
| # endif |
# endif |
| if (preload == NULL) |
if (preload == NULL) |
| errorx(1, _("unable to allocate memory")); | fatal(NULL); |
| nenvp[env_len++] = preload; |
nenvp[env_len++] = preload; |
| nenvp[env_len] = NULL; |
nenvp[env_len] = NULL; |
| } else { |
} else { |
|
Line 127 disable_execute(char *const envp[])
|
Line 130 disable_execute(char *const envp[])
|
| envp = nenvp; |
envp = nenvp; |
| #endif /* _PATH_SUDO_NOEXEC */ |
#endif /* _PATH_SUDO_NOEXEC */ |
| |
|
| debug_return_ptr(envp); | debug_return_const_ptr(envp); |
| } |
} |
| |
|
| /* |
/* |
|
Line 135 disable_execute(char *const envp[])
|
Line 138 disable_execute(char *const envp[])
|
| * ala execvp(3) if we get ENOEXEC. |
* ala execvp(3) if we get ENOEXEC. |
| */ |
*/ |
| int |
int |
| sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec) | sudo_execve(const char *path, char *const argv[], char *const envp[], bool noexec) |
| { |
{ |
| /* Modify the environment as needed to disable further execve(). */ |
/* Modify the environment as needed to disable further execve(). */ |
| if (noexec) |
if (noexec) |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to exec_common.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src