From 8ccb7f0096cfb1a8b7f155a86cde444af056b30c Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 20 Aug 2021 14:25:49 -0600 Subject: [PATCH] sudo_intercept.so only intercepts execve(2) for now. --- doc/sudo.conf.man.in | 26 +++++--------------------- doc/sudo.conf.mdoc.in | 26 +++++--------------------- 2 files changed, 10 insertions(+), 42 deletions(-) diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in index 35213ce48..98d4091ef 100644 --- a/doc/sudo.conf.man.in +++ b/doc/sudo.conf.man.in @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.TH "SUDO.CONF" "@mansectform@" "June 22, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO.CONF" "@mansectform@" "August 20, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -289,26 +289,10 @@ macOS and Solaris. .TP 10n intercept .br -The fully-qualified path to a shared library containing wrappers -for the -\fBexecl\fR(), -\fBexecle\fR(), -\fBexeclp\fR(), -\fBexect\fR(), -\fBexecv\fR(), -\fBexecve\fR(), -\fBexecvP\fR(), -\fBexecvp\fR(), -\fBexecvpe\fR(), -\fBfexecve\fR(), -\fBpopen\fR(), -\fBposix_spawn\fR(), -\fBposix_spawnp\fR(), -\fBsystem\fR(), -and -\fBwordexp\fR() -library functions that intercept attempts to run further commands and -perform a policy check before allowing them to be executed. +The fully-qualified path to a shared library containing a wrapper for the +\fBexecve\fR() +system call that intercepts attempts to run further commands and +performs a policy check before allowing them to be executed. This is used to implement the \fIintercept\fR functionality on systems that support diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index fa5ddbad8..465bda5cc 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.Dd June 22, 2021 +.Dd August 20, 2021 .Dt SUDO.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -264,26 +264,10 @@ functions, for example .Bx , macOS and Solaris. .It intercept -The fully-qualified path to a shared library containing wrappers -for the -.Fn execl , -.Fn execle , -.Fn execlp , -.Fn exect , -.Fn execv , -.Fn execve , -.Fn execvP , -.Fn execvp , -.Fn execvpe , -.Fn fexecve , -.Fn popen , -.Fn posix_spawn , -.Fn posix_spawnp , -.Fn system , -and -.Fn wordexp -library functions that intercept attempts to run further commands and -perform a policy check before allowing them to be executed. +The fully-qualified path to a shared library containing a wrapper for the +.Fn execve +system call that intercepts attempts to run further commands and +performs a policy check before allowing them to be executed. This is used to implement the .Em intercept functionality on systems that support