Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option.
The default value of noexec_file is set to this.
37
configure
vendored
37
configure
vendored
@@ -918,6 +918,7 @@ Optional Packages:
|
||||
--with-passwd-tries number of tries to enter password (default is 3)
|
||||
--with-timeout minutes before sudo asks for passwd again (def is 5 minutes)
|
||||
--with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)
|
||||
--with-noexec fully qualified pathname of sudo_noexec.so
|
||||
--with-execv use execv() instead of execvp()
|
||||
--with-tty-tickets use a different ticket file for each tty
|
||||
--with-insults insult the user for entering an incorrect password
|
||||
@@ -2718,6 +2719,24 @@ _ACEOF
|
||||
echo "$as_me:$LINENO: result: $password_timeout" >&5
|
||||
echo "${ECHO_T}$password_timeout" >&6
|
||||
|
||||
echo "$as_me:$LINENO: checking path to sudo_noexec.so" >&5
|
||||
echo $ECHO_N "checking path to sudo_noexec.so... $ECHO_C" >&6
|
||||
|
||||
# Check whether --with-noexec or --without-noexec was given.
|
||||
if test "${with_noexec+set}" = set; then
|
||||
withval="$with_noexec"
|
||||
case $with_noexec in
|
||||
yes) with_noexec="$libexecdir/sudo_noexec.so"
|
||||
;;
|
||||
no) ;;
|
||||
*) ;;
|
||||
esac
|
||||
else
|
||||
with_noexec="$libexecdir/sudo_noexec.so"
|
||||
fi;
|
||||
echo "$as_me:$LINENO: result: $with_noexec" >&5
|
||||
echo "${ECHO_T}$with_noexec" >&6
|
||||
|
||||
|
||||
# Check whether --with-execv or --without-execv was given.
|
||||
if test "${with_execv+set}" = set; then
|
||||
@@ -14342,6 +14361,24 @@ fi
|
||||
|
||||
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
|
||||
|
||||
if test "$with_noexec" != "no"; then
|
||||
oexec_prefix="$exec_prefix"
|
||||
if test "$exec_prefix" = '$(prefix)'; then
|
||||
if test "$prefix" = "NONE"; then
|
||||
exec_prefix="$ac_default_prefix"
|
||||
else
|
||||
exec_prefix="$prefix"
|
||||
fi
|
||||
fi
|
||||
eval with_noexec="$with_noexec"
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define _PATH_SUDO_NOEXEC "$with_noexec"
|
||||
_ACEOF
|
||||
|
||||
exec_prefix="$oexec_prefix"
|
||||
fi
|
||||
|
||||
ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man"
|
||||
cat >confcache <<\_ACEOF
|
||||
# This file is a shell script that caches the results of configure
|
||||
|
28
configure.in
28
configure.in
@@ -804,6 +804,16 @@ esac])
|
||||
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
|
||||
AC_MSG_RESULT($password_timeout)
|
||||
|
||||
AC_MSG_CHECKING(path to sudo_noexec.so)
|
||||
AC_ARG_WITH(noexec, [ --with-noexec fully qualified pathname of sudo_noexec.so],
|
||||
[case $with_noexec in
|
||||
yes) with_noexec="$libexecdir/sudo_noexec.so"
|
||||
;;
|
||||
no) ;;
|
||||
*) ;;
|
||||
esac], [with_noexec="$libexecdir/sudo_noexec.so"])
|
||||
AC_MSG_RESULT($with_noexec)
|
||||
|
||||
AC_ARG_WITH(execv, [ --with-execv use execv() instead of execvp()],
|
||||
[case $with_execv in
|
||||
yes) AC_MSG_CHECKING(whether to use execvp or execv)
|
||||
@@ -2071,6 +2081,24 @@ dnl Set exec_prefix
|
||||
dnl
|
||||
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
|
||||
|
||||
dnl
|
||||
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
|
||||
dnl XXX - this is gross!
|
||||
dnl
|
||||
if test "$with_noexec" != "no"; then
|
||||
oexec_prefix="$exec_prefix"
|
||||
if test "$exec_prefix" = '$(prefix)'; then
|
||||
if test "$prefix" = "NONE"; then
|
||||
exec_prefix="$ac_default_prefix"
|
||||
else
|
||||
exec_prefix="$prefix"
|
||||
fi
|
||||
fi
|
||||
eval with_noexec="$with_noexec"
|
||||
AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$with_noexec", [The fully qualified pathname of sudo_noexec.so])
|
||||
exec_prefix="$oexec_prefix"
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl Substitute into the Makefile and man pages
|
||||
dnl
|
||||
|
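Review bot: The `*) ;;` arm of the `AC_ARG_WITH(noexec, ...)` case accepts any string, although the help text promises a fully qualified pathname. That string later becomes `_PATH_SUDO_NOEXEC`, which env.c in this commit places in `LD_PRELOAD`, so a relative value would be resolved at run time (against the working directory or the loader's search path) instead of being fixed at build time. I would reject it at configure time by replacing the catch-all with `/*) ;;` followed by `*) AC_MSG_ERROR([--with-noexec requires a fully qualified pathname]) ;;`. Separately, the deferred block resolves only `exec_prefix` before `eval with_noexec="$with_noexec"`. If `libexecdir` was given in terms of `${prefix}` and no `--prefix` was passed, the eval would presumably yield a path starting with `NONE`, which deserves a comment or a temporary `prefix` fixup next to the existing one.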
@@ -502,6 +502,9 @@ init_defaults()
|
||||
def_exempt_group = estrdup(EXEMPTGROUP);
|
||||
#endif
|
||||
def_editor = estrdup(EDITOR);
|
||||
#ifdef _PATH_SUDO_NOEXEC
|
||||
def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
|
||||
#endif
|
||||
|
||||
/* Finally do the lists (currently just environment tables). */
|
||||
init_envtables();
|
||||
|
2
env.c
2
env.c
@@ -439,7 +439,7 @@ rebuild_env(envp, reset_home, noexec)
|
||||
|
||||
/* Point LD_PRELOAD to noexec_file? */
|
||||
/* XXX - what to use for HP-UX and AIX? */
|
||||
if (noexec)
|
||||
if (noexec && def_noexec_file != NULL)
|
||||
insert_env(format_env("LD_PRELOAD", def_noexec_file), 1);
|
||||
|
||||
/* Set PS1 if SUDO_PS1 is set. */
|
||||
|
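Review bot: With the `def_noexec_file != NULL` guard, a build configured with `--without-noexec` silently skips the `LD_PRELOAD` insertion even though the caller asked for noexec, so the command runs without the restriction and nothing reports it. In that build `_PATH_SUDO_NOEXEC` is never defined and defaults.c appears to leave `def_noexec_file` unset. Since noexec is a restriction an administrator relies on, I would make that case visible, for example by warning or refusing to run when `noexec` is set and `def_noexec_file` is NULL; which of the two fits depends on code outside this hunk. At minimum the comment should state the behaviour: `/* Point LD_PRELOAD to noexec_file; no-op if no noexec_file is configured. */`. rebuild_env's body starts and ends outside the hunk.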
@@ -98,6 +98,10 @@
|
||||
#undef _PATH_SUDO_SENDMAIL
|
||||
#endif /* _PATH_SUDO_SENDMAIL */
|
||||
|
||||
#ifndef _PATH_SUDO_NOEXEC
|
||||
#undef _PATH_SUDO_NOEXEC
|
||||
#endif /* _PATH_SUDO_NOEXEC */
|
||||
|
||||
#ifndef _PATH_VI
|
||||
#undef _PATH_VI
|
||||
#endif /* _PATH_VI */
|
||||
|