Do not compile intercept code if --disable-intercept is specified.

2021-09-01 13:35:47 -06:00
parent 5c2f1ebbcf
commit 38d884a62d
7 changed files with 38 additions and 29 deletions
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -141,9 +141,9 @@ PROGS = @PROGS@

 OBJS = conversation.o copy_file.o edit_open.o env_hooks.o exec.o exec_common.o \
       exec_intercept.o exec_monitor.o exec_nopty.o exec_preload.lo exec_pty.o \
-       get_pty.o hooks.o intercept.pb-c.lo limits.o load_plugins.o net_ifs.o \
-       parse_args.o preserve_fds.o signal.o sudo.o sudo_edit.o \
-       tcsetpgrp_nobg.o tgetpass.o ttyname.o utmp.o @SUDO_OBJS@
+       get_pty.o hooks.o limits.o load_plugins.o net_ifs.o parse_args.o \
+       preserve_fds.o signal.o sudo.o sudo_edit.o tcsetpgrp_nobg.o tgetpass.o \
+       ttyname.o utmp.o @SUDO_OBJS@

 IOBJS = $(OBJS:.o=.i) sesh.i

--- a/src/exec_common.c
+++ b/src/exec_common.c
@@ -73,18 +73,18 @@ enable_intercept(char *envp[], const char *dso, int intercept_fd)
 {
    debug_decl(enable_intercept, SUDO_DEBUG_UTIL);

+    if (dso != NULL) {
 #ifdef RTLD_PRELOAD_VAR
-    if (dso == NULL)
-	sudo_fatalx("%s: missing DSO", __func__);
-    if (intercept_fd == -1)
-	sudo_fatalx("%s: no intercept fd", __func__);
+	if (intercept_fd == -1)
+	    sudo_fatalx("%s: no intercept fd", __func__);

-    envp = sudo_preload_dso(envp, dso, intercept_fd);
+	envp = sudo_preload_dso(envp, dso, intercept_fd);
 #else
-    /* Intercept not supported, envp unchanged. */
-    if (intercept_fd != -1)
-	close(intercept_fd);
+	/* Intercept not supported, envp unchanged. */
+	if (intercept_fd != -1)
+	    close(intercept_fd);
 #endif /* RTLD_PRELOAD_VAR */
+    }

    debug_return_ptr(envp);
 }
--- a/src/exec_intercept.c
+++ b/src/exec_intercept.c
@@ -45,10 +45,12 @@
 #include "sudo_rand.h"
 #include "intercept.pb-c.h"

+#ifdef _PATH_SUDO_INTERCEPT
+
 /* TCSASOFT is a BSD extension that ignores control flags and speed. */
-#ifndef TCSASOFT
-# define TCSASOFT	0
-#endif
+# ifndef TCSASOFT
+#  define TCSASOFT	0
+# endif

 enum intercept_state {
    RECV_HELLO_INITIAL,
@@ -938,3 +940,15 @@ bad:
 	close(client_sock);
    debug_return;
 }
+#else /* _PATH_SUDO_INTERCEPT */
+bool
+intercept_setup(int fd, struct sudo_event_base *evbase,
+    struct command_details *details)
+{
+    debug_decl(intercept_setup, SUDO_DEBUG_EXEC);
+
+    /* Intercept support not compiled in. */
+
+    debug_return_bool(false);
+}
+#endif /* _PATH_SUDO_INTERCEPT */