Move noexec path into sudo.conf now that sudo itself handles noexec.

Currently can be configured in sudoers too but is now undocumented and will be removed in a future release.
2011-03-10 16:12:33 -05:00
parent dc8012265f
commit 7debf44742
4 changed files with 16 additions and 13 deletions
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -498,9 +498,6 @@ init_defaults(void)
    def_secure_path = estrdup(SECURE_PATH);
 #endif
    def_editor = estrdup(EDITOR);
 #ifdef _PATH_SUDO_NOEXEC
    def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
 #endif
    /* Finally do the lists (currently just environment tables). */
    init_envtables();
--- a/src/load_plugins.c
+++ b/src/load_plugins.c
@@ -52,6 +52,8 @@
 # define RTLD_LOCAL	0
 #endif
 const char *noexec_path = _PATH_SUDO_NOEXEC;
 /*
 * Read in /etc/sudo.conf
 * Returns a list of plugins.
@@ -79,9 +81,10 @@ sudo_read_conf(const char *conf_file)
 		(path = strtok(NULL, " \t")) == NULL) {
 		continue;
 	    }
-	    if (strcasecmp(name, "askpass") != 0)
+	    if (strcasecmp(name, "askpass") == 0)
 		continue;
 		askpass_path = estrdup(path);
 	    else if (strcasecmp(name, "noexec") == 0)
 		noexec_path = estrdup(path);
 	    continue;
 	}
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -450,7 +450,6 @@ command_info_to_details(char * const info[], struct command_details *details)
    memset(details, 0, sizeof(*details));
    details->closefrom = -1;
    details->noexec_file = _PATH_SUDO_NOEXEC;
 #define SET_STRING(s, n) \
    if (strncmp(s, info[i], sizeof(s) - 1) == 0 && info[i][sizeof(s) - 1]) { \
@@ -505,7 +504,11 @@ command_info_to_details(char * const info[], struct command_details *details)
 			SET(details->flags, CD_NOEXEC);
 		    break;
 		}
-		SET_STRING("noexec_file=", noexec_file)
+		/* XXX - deprecated */
 		if (strncmp("noexec_file=", info[i], sizeof("noexec_file=") - 1) == 0) {
 		    noexec_path = info[i] + sizeof("noexec_file=") - 1;
 		    break;
 		}
 		break;
 	    case 'p':
 		if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) {
@@ -809,13 +812,13 @@ disable_execute(struct command_details *details)
     */
 #if defined(__darwin__) || defined(__APPLE__)
    nenvp[env_len++] = "DYLD_FORCE_FLAT_NAMESPACE=";
-    cp = fmt_string("DYLD_INSERT_LIBRARIES", details->noexec_file);
+    cp = fmt_string("DYLD_INSERT_LIBRARIES", noexec_path);
 #elif defined(__osf__) || defined(__sgi)
-    easprintf(&cp, "_RLD_LIST=%s:DEFAULT", details->noexec_file);
+    easprintf(&cp, "_RLD_LIST=%s:DEFAULT", noexec_path);
 #elif defined(_AIX)
-    cp = fmt_string("LDR_PRELOAD", details->noexec_file);
+    cp = fmt_string("LDR_PRELOAD", noexec_path);
 #else
-    cp = fmt_string("LD_PRELOAD", details->noexec_file);
+    cp = fmt_string("LD_PRELOAD", noexec_path);
 #endif
    if (cp == NULL)
 	error(1, NULL);
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -139,7 +139,6 @@ struct command_details {
    const char *chroot;
    const char *selinux_role;
    const char *selinux_type;
    const char *noexec_file;
    char **argv;
    char **envp;
 };
@@ -163,6 +162,7 @@ void cleanup(int);
 char *tgetpass(const char *, int, int);
 int tty_present(void);
 extern const char *askpass_path;
 extern const char *noexec_path;
 /* zero_bytes.c */
 void zero_bytes(volatile void *, size_t);