sudo_intercept.so only intercepts execve(2) for now.

Todd C. Miller
2021-08-20 14:25:49 -06:00
parent 7df245dc91
commit 8ccb7f0096
2 changed files with 10 additions and 42 deletions


@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "June 22, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO.CONF" "@mansectform@" "August 20, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -289,26 +289,10 @@ macOS and Solaris.
.TP 10n
intercept
.br
The fully-qualified path to a shared library containing wrappers
for the
\fBexecl\fR(),
\fBexecle\fR(),
\fBexeclp\fR(),
\fBexect\fR(),
\fBexecv\fR(),
\fBexecve\fR(),
\fBexecvP\fR(),
\fBexecvp\fR(),
\fBexecvpe\fR(),
\fBfexecve\fR(),
\fBpopen\fR(),
\fBposix_spawn\fR(),
\fBposix_spawnp\fR(),
\fBsystem\fR(),
and
\fBwordexp\fR()
library functions that intercept attempts to run further commands and
perform a policy check before allowing them to be executed.
The fully-qualified path to a shared library containing a wrapper for the
\fBexecve\fR()
system call that intercepts attempts to run further commands and
performs a policy check before allowing them to be executed.
This is used to implement the
\fIintercept\fR
functionality on systems that support
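
Review bot: The rewritten intercept paragraph names only execve() and does not say what now happens to commands started through the functions dropped from the list (execl(), popen(), posix_spawn(), system(), wordexp() and the others). An administrator who relies on intercept for policy enforcement needs to know whether those paths are still subject to the policy check, so add a sentence that states the coverage explicitly, and say if the restriction is temporary, as the "for now" in the commit message suggests. The wording also changes from "library functions" to "system call" although the wrapper is still described as living in a shared library; "a wrapper for the execve() library function" would match that description more closely.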


@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.Dd June 22, 2021
.Dd August 20, 2021
.Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -264,26 +264,10 @@ functions, for example
.Bx ,
macOS and Solaris.
.It intercept
The fully-qualified path to a shared library containing wrappers
for the
.Fn execl ,
.Fn execle ,
.Fn execlp ,
.Fn exect ,
.Fn execv ,
.Fn execve ,
.Fn execvP ,
.Fn execvp ,
.Fn execvpe ,
.Fn fexecve ,
.Fn popen ,
.Fn posix_spawn ,
.Fn posix_spawnp ,
.Fn system ,
and
.Fn wordexp
library functions that intercept attempts to run further commands and
perform a policy check before allowing them to be executed.
The fully-qualified path to a shared library containing a wrapper for the
.Fn execve
system call that intercepts attempts to run further commands and
performs a policy check before allowing them to be executed.
This is used to implement the
.Em intercept
functionality on systems that support
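
Review bot: In the new text, ".Fn execve" followed by "system call" drops the manual section that the commit message gives as execve(2). If the intent is to refer to the system call, ".Xr execve 2" would render the section number and produce a proper cross-reference; if the intent is the C library entry point that the shared library wraps, keep ".Fn execve" and change "system call" back to "library function". Whichever is chosen, the man-format file in this commit should use the same wording so the two renderings stay in sync.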