isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

document --with-noexec

Browse Source
This commit is contained in:
Todd C. Miller
2004-08-21 18:20:11 +00:00
parent 0c0dcf2e32
commit 65d6b278b4
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
INSTALL
View File

@@ -225,6 +225,17 @@ Special features/options:
only the newer BSD authentication API is supported. If you only the newer BSD authentication API is supported. If you
don't have /usr/include/bsd_auth.h then you cannot use this. don't have /usr/include/bsd_auth.h then you cannot use this.
--with-noexec[=PATH]
Enable support for the "noexec" functionality which prevents
a dynamically-linked program being run by sudo from executing
another program (think shell escapes). Please see the
"PREVENTING SHELL ESCAPES" section in the sudoers man page
for details. If specified, PATH should be a fully qualified
pathname, e.g. /usr/local/libexec/sudo_noexec.so. If PATH
is "no", noexec support will not be compiled in. The default
is to compile noexec support if libtool supports building
shared objects on your OS.
--disable-root-mailer --disable-root-mailer
By default sudo will run the mailer as root when tattling By default sudo will run the mailer as root when tattling
on a user so as to prevent that user from killing the mailer. on a user so as to prevent that user from killing the mailer.