isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move preload_dso() to its own file and rename to sudo_preload_dso().

Browse Source 
It now takes an intercept fd as an optional argument instead of a
list of extra variables to add.  This lets us check whether it is
already set to the expected value (and add it if not).
sudo_intercept.so now uses sudo_preload_dso() to make sure that
LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
This commit is contained in:
Todd C. Miller
2021-08-09 15:50:25 -06:00
parent 60e76e3e35
commit 9c3df47da9
7 changed files with 290 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/sudo_intercept.c
View File

@@ -63,14 +63,19 @@ my_execve(const char *cmnd, char * const argv[], char * const envp[])
{
char *ncmnd = NULL, **nargv = NULL, **nenvp = NULL;
/* XXX - add SUDO_INTERCEPT_FD to environment as needed. */
if (command_allowed(cmnd, argv, envp, &ncmnd, &nargv, &nenvp)) {
/* Execute the command using the "real" execve() function. */
execve(ncmnd, nargv, nenvp);
} else {
errno = EACCES;
}
/* XXX - free ncmnd, nargv, nenvp */
if (ncmnd != cmnd)
free(ncmnd);
if (nargv != argv)
free(nargv);
if (nenvp != envp)
free(nenvp);
return -1;
}
@@ -113,14 +118,19 @@ execve(const char *cmnd, char * const argv[], char * const envp[])
return -1;
}
/* XXX - add SUDO_INTERCEPT_FD to environment as needed. */
if (command_allowed(cmnd, argv, envp, &ncmnd, &nargv, &nenvp)) {
/* Execute the command using the "real" execve() function. */
return ((sudo_fn_execve_t)fn)(ncmnd, nargv, nenvp);
} else {
errno = EACCES;
}
/* XXX - free ncmnd, nargv, nenvp */
if (ncmnd != cmnd)
free(ncmnd);
if (nargv != argv)
free(nargv);
if (nenvp != envp)
free(nenvp);
return -1;
}
#endif /* HAVE___INTERPOSE) */