sudo_intercept.so only intercepts execve(2) for now.

Todd C. Miller
2021-08-20 14:25:49 -06:00
parent 7df245dc91
commit 8ccb7f0096
2 changed files with 10 additions and 42 deletions


@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "June 22, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO.CONF" "@mansectform@" "August 20, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -289,26 +289,10 @@ macOS and Solaris.
.TP 10n .TP 10n
intercept intercept
.br .br
The fully-qualified path to a shared library containing wrappers The fully-qualified path to a shared library containing a wrapper for the
for the \fBexecve\fR()
\fBexecl\fR(), system call that intercepts attempts to run further commands and
\fBexecle\fR(), performs a policy check before allowing them to be executed.
\fBexeclp\fR(),
\fBexect\fR(),
\fBexecv\fR(),
\fBexecve\fR(),
\fBexecvP\fR(),
\fBexecvp\fR(),
\fBexecvpe\fR(),
\fBfexecve\fR(),
\fBpopen\fR(),
\fBposix_spawn\fR(),
\fBposix_spawnp\fR(),
\fBsystem\fR(),
and
\fBwordexp\fR()
library functions that intercept attempts to run further commands and
perform a policy check before allowing them to be executed.
This is used to implement the This is used to implement the
\fIintercept\fR \fIintercept\fR
functionality on systems that support functionality on systems that support
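
Review bot: The rewritten intercept paragraph ("a wrapper for the \fBexecve\fR() system call") no longer tells the reader what happens to commands started through the entry points removed from the list, such as posix_spawn(), system(), popen() and wordexp(). An administrator deciding whether intercept is enough to restrict subcommands needs that stated, so please add a sentence saying whether those calls are still subject to the policy check or are outside what the library covers for now. The commit message says "for now"; a short note in the text that coverage is currently limited would match it.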


@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.Dd June 22, 2021 .Dd August 20, 2021
.Dt SUDO.CONF @mansectform@ .Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -264,26 +264,10 @@ functions, for example
.Bx , .Bx ,
macOS and Solaris. macOS and Solaris.
.It intercept .It intercept
The fully-qualified path to a shared library containing wrappers The fully-qualified path to a shared library containing a wrapper for the
for the .Fn execve
.Fn execl , system call that intercepts attempts to run further commands and
.Fn execle , performs a policy check before allowing them to be executed.
.Fn execlp ,
.Fn exect ,
.Fn execv ,
.Fn execve ,
.Fn execvP ,
.Fn execvp ,
.Fn execvpe ,
.Fn fexecve ,
.Fn popen ,
.Fn posix_spawn ,
.Fn posix_spawnp ,
.Fn system ,
and
.Fn wordexp
library functions that intercept attempts to run further commands and
perform a policy check before allowing them to be executed.
This is used to implement the This is used to implement the
.Em intercept .Em intercept
functionality on systems that support functionality on systems that support
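
Review bot: In the new wording at ".Fn execve" followed by "system call that intercepts attempts to run further commands", calling the wrapped symbol a system call is imprecise for a shared library, and the removed text correctly said "library functions". A shared library can only interpose the execve() function that a dynamically linked program calls through the C library, so I would write "a wrapper for the execve() library function" or state explicitly that only callers going through that function are checked. Whatever wording is chosen here should be mirrored in the sudo.conf.man.in hunk so the two formats stay in sync.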