From 9660f08e325bbb3d2deffc05ae216b00b83ab314 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 11 Mar 2011 11:34:11 -0500
Subject: [PATCH] Document noexec in sample.sudo.conf and add back noexec_file section in sudoers with a note that it is deprecated.
---
 doc/sample.sudo.conf | 15 ++++++++++++++-
 doc/sudo.pod | 4 ++--
 doc/sudoers.pod | 6 ++++++
 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/doc/sample.sudo.conf b/doc/sample.sudo.conf
index 8cb1c8266..18baa59bb 100644
--- a/doc/sample.sudo.conf
+++ b/doc/sample.sudo.conf
@@ -3,7 +3,8 @@
 #
 # Format:
 # Plugin plugin_name plugin_path
-# Path askpass askpass_path
+# Path askpass /path/to/askpass
+# Path noexec /path/to/noexec.so
 #
 # Sudo plugins:
 #
@@ -27,3 +28,15 @@ Plugin sudoers_io sudoers.so
 #
 # Use the Gnome OpenSSH askpass
 #Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C or its equivalent.
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_noexec.so file.
+#
+#Path noexec /usr/libexec/sudo_noexec.so
diff --git a/doc/sudo.pod b/doc/sudo.pod
index b12388b18..47ee46b68 100644
--- a/doc/sudo.pod
+++ b/doc/sudo.pod
@@ -428,8 +428,8 @@ which corresponds to the following F<@sysconfdir@/sudo.conf> file.
 #
 # Format:
 # Plugin plugin_name plugin_path
- # Path askpass path/to/askpass
- # Path noexec path/to/noexec
+ # Path askpass /path/to/askpass
+ # Path noexec /path/to/noexec.so
 #
 # The plugin_path is relative to @prefix@/libexec unless
 # fully qualified.
diff --git a/doc/sudoers.pod b/doc/sudoers.pod
index fbea8b459..70d588de2 100644
--- a/doc/sudoers.pod
+++ b/doc/sudoers.pod
@@ -1215,6 +1215,12 @@ Subject of the mail sent to the I user. The escape C<%h> will expand to the host name of the machine. Default is C<@mailsub@>. +=item noexec_file + +This option is deprecated and will be removed in a future release +of B. The path to the noexec file should now be set in the +F<@sysconfdir@/sudo.conf> file. + =item passprompt The default prompt to use when asking for a password; can be overridden