isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add intercept_verify sudoers option to control execve(2) argument checking.

Browse Source
This commit is contained in:
Todd C. Miller
2022-07-29 15:22:27 -06:00
parent b80b012de0
commit 3ce19efca9
10 changed files with 99 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/exec_ptrace.c
View File

@@ -1532,10 +1532,12 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure)
}
}
if (closure->state == POLICY_ACCEPT) {
/* Verify execve(2) args post-exec. */
if (!ptrace_verify_post_exec(pid, &regs, closure)) {
if (errno != ESRCH)
kill(pid, SIGKILL);
if (ISSET(closure->details->flags, CD_INTERCEPT_VERIFY)) {
/* Verify execve(2) args post-exec. */
if (!ptrace_verify_post_exec(pid, &regs, closure)) {
if (errno != ESRCH)
kill(pid, SIGKILL);
}
}
}
break;