isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use getopt() and getopt_long() for sesh command line options.

Browse Source
This commit is contained in:
Todd C. Miller
2022-10-10 09:12:48 -06:00
parent 8d5e59c8a8
commit 3bdb585481
3 changed files with 194 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/selinux.c
View File

@@ -444,8 +444,7 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
{
char **nargv;
const char *sesh;
int argc, nargc, serrno;
bool login_shell = false;
int argc, len, nargc, serrno;
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX);
sesh = sudo_conf_sesh_path();
@@ -461,8 +460,6 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
/*
* Build new argv with sesh as argv[0].
* If argv[0] ends in -noexec, sesh will disable execute
* for the command it runs.
*/
for (argc = 0; argv[argc] != NULL; argc++)
continue;
@@ -470,19 +467,15 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
errno = EINVAL;
debug_return;
}
nargv = reallocarray(NULL, argc + 4, sizeof(char *));
nargv = reallocarray(NULL, 5 + argc + 1, sizeof(char *));
if (nargv == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
}
if (*argv[0] == '-')
login_shell = true;
if (ISSET(flags, CD_NOEXEC)) {
nargv[0] = (char *)(login_shell ? "-sesh-noexec" : "sesh-noexec");
CLR(flags, CD_NOEXEC);
} else {
nargv[0] = (char *)(login_shell ? "-sesh" : "sesh");
}
nargv[0] = (char *)"-sesh";
else
nargv[0] = (char *)"sesh";
nargc = 1;
if (ISSET(flags, CD_RBAC_SET_CWD)) {
const char *prefix = ISSET(flags, CD_CWD_OPTIONAL) ? "+" : "";
@@ -491,19 +484,27 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
errno = EINVAL;
debug_return;
}
if (asprintf(&nargv[nargc++], "--chdir=%s%s", prefix, rundir) == -1) {
len = asprintf(&nargv[nargc++], "--directory=%s%s", prefix, rundir);
if (len == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
}
}
if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
if (fd != -1) {
len = asprintf(&nargv[nargc++], "--execfd=%d", fd);
if (len == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
}
}
if (ISSET(flags, CD_NOEXEC)) {
CLR(flags, CD_NOEXEC);
nargv[nargc++] = (char *)"--noexec";
}
nargv[nargc++] = (char *)"--";
nargv[nargc++] = (char *)path;
memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */
/* sesh will handle noexec for us. */
sudo_execve(-1, sesh, nargv, envp, -1, flags);
serrno = errno;
free(nargv);