Add regress for noexec functionality

Todd C. Miller
2016-11-14 14:21:08 -07:00
parent 068f96a213
commit 66af45eb24
8 changed files with 240 additions and 11 deletions


@@ -151,8 +151,8 @@ preload_dso(char *envp[], const char *dso_file)
* to run. On systems with privilege sets, we can remove the exec
* privilege. On other systems we use LD_PRELOAD and the like.
*/
static char **
disable_execute(char *envp[])
char **
disable_execute(char *envp[], const char *dso)
{
debug_decl(disable_execute, SUDO_DEBUG_UTIL)
@@ -167,8 +167,8 @@ disable_execute(char *envp[])
#endif /* HAVE_PRIV_SET */
#ifdef _PATH_SUDO_NOEXEC
if (sudo_conf_noexec_path() != NULL)
envp = preload_dso(envp, sudo_conf_noexec_path());
if (dso != NULL)
envp = preload_dso(envp, dso);
#endif /* _PATH_SUDO_NOEXEC */
debug_return_ptr(envp);
@@ -187,7 +187,7 @@ sudo_execve(int fd, const char *path, char *const argv[], char *envp[], bool noe
/* Modify the environment as needed to disable further execve(). */
if (noexec)
envp = disable_execute(envp);
envp = disable_execute(envp, sudo_conf_noexec_path());
#ifdef HAVE_FEXECVE
if (fd != -1)
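Review bot: The block comment above `disable_execute()` does not describe the new `dso` parameter, and in the second hunk a NULL `dso` still returns `envp` unchanged, so `sudo_execve()` goes on to run the command with noexec requested but, on a build without privilege sets, apparently not applied. This fail-open path predates the commit, but now that the function is no longer `static` and takes the path from its caller, the contract should be written down, for example by adding `* If dso is NULL and exec cannot be removed via privilege sets, envp is returned unchanged and noexec is not enforced.` to that comment. It is also worth considering a warning to the user in that case rather than silence. Two smaller points: `dso` is unused when `_PATH_SUDO_NOEXEC` is not defined, and the non-static function needs a prototype in a shared header, which may be in one of the files not shown here. The bodies of `disable_execute()` and `sudo_execve()` extend outside the hunks, so the privilege-set branch was not reviewed.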