Move noexec path into sudo.conf now that sudo itself handles noexec.

Currently can be configured in sudoers too but is now undocumented
and will be removed in a future release.

plugins/sudoers/defaults.c

@@ -498,9 +498,6 @@ init_defaults(void)
     def_secure_path = estrdup(SECURE_PATH);
 #endif
     def_editor = estrdup(EDITOR);
-#ifdef _PATH_SUDO_NOEXEC
-    def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
-#endif
 
     /* Finally do the lists (currently just environment tables). */
     init_envtables();

src/load_plugins.c

@@ -52,6 +52,8 @@
 # define RTLD_LOCAL	0
 #endif
 
+const char *noexec_path = _PATH_SUDO_NOEXEC;
+
 /*
  * Read in /etc/sudo.conf
  * Returns a list of plugins.
@@ -79,9 +81,10 @@ sudo_read_conf(const char *conf_file)
 		(path = strtok(NULL, " \t")) == NULL) {
 		continue;
 	    }
-	    if (strcasecmp(name, "askpass") != 0)
+	    if (strcasecmp(name, "askpass") == 0)
-		continue;
 		askpass_path = estrdup(path);
+	    else if (strcasecmp(name, "noexec") == 0)
+		noexec_path = estrdup(path);
 	    continue;
 	}
 

src/sudo.c

@@ -450,7 +450,6 @@ command_info_to_details(char * const info[], struct command_details *details)
 
     memset(details, 0, sizeof(*details));
     details->closefrom = -1;
-    details->noexec_file = _PATH_SUDO_NOEXEC;
 
 #define SET_STRING(s, n) \
     if (strncmp(s, info[i], sizeof(s) - 1) == 0 && info[i][sizeof(s) - 1]) { \
@@ -505,7 +504,11 @@ command_info_to_details(char * const info[], struct command_details *details)
 			SET(details->flags, CD_NOEXEC);
 		    break;
 		}
-		SET_STRING("noexec_file=", noexec_file)
+		/* XXX - deprecated */
+		if (strncmp("noexec_file=", info[i], sizeof("noexec_file=") - 1) == 0) {
+		    noexec_path = info[i] + sizeof("noexec_file=") - 1;
+		    break;
+		}
 		break;
 	    case 'p':
 		if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) {
@@ -809,13 +812,13 @@ disable_execute(struct command_details *details)
      */
 #if defined(__darwin__) || defined(__APPLE__)
     nenvp[env_len++] = "DYLD_FORCE_FLAT_NAMESPACE=";
-    cp = fmt_string("DYLD_INSERT_LIBRARIES", details->noexec_file);
+    cp = fmt_string("DYLD_INSERT_LIBRARIES", noexec_path);
 #elif defined(__osf__) || defined(__sgi)
-    easprintf(&cp, "_RLD_LIST=%s:DEFAULT", details->noexec_file);
+    easprintf(&cp, "_RLD_LIST=%s:DEFAULT", noexec_path);
 #elif defined(_AIX)
-    cp = fmt_string("LDR_PRELOAD", details->noexec_file);
+    cp = fmt_string("LDR_PRELOAD", noexec_path);
 #else
-    cp = fmt_string("LD_PRELOAD", details->noexec_file);
+    cp = fmt_string("LD_PRELOAD", noexec_path);
 #endif
     if (cp == NULL)
 	error(1, NULL);

src/sudo.h

@@ -139,7 +139,6 @@ struct command_details {
     const char *chroot;
     const char *selinux_role;
     const char *selinux_type;
-    const char *noexec_file;
     char **argv;
     char **envp;
 };
@@ -163,6 +162,7 @@ void cleanup(int);
 char *tgetpass(const char *, int, int);
 int tty_present(void);
 extern const char *askpass_path;
+extern const char *noexec_path;
 
 /* zero_bytes.c */
 void zero_bytes(volatile void *, size_t);