isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correct error message when command doesn't exist in intercept mode.

Browse Source 
Previously, we would always use EACCES, even when ENOENT was
appropriate.  This also affected log_subcmds.
This commit is contained in:
Todd C. Miller
2023-01-25 10:31:49 -07:00
parent de021b60db
commit a32a54dced
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/exec_intercept.c
View File

@@ -407,7 +407,7 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
*/ */
if (stat(command, &sb) == -1) { if (stat(command, &sb) == -1) {
closure->errstr = NULL; closure->errstr = NULL;
closure->state = POLICY_REJECT; closure->state = POLICY_ERROR;
goto done; goto done;
} }

7
src/exec_ptrace.c
View File

@@ -1920,9 +1920,12 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure)
} }
} }
break; break;
default: case POLICY_REJECT:
/* If rejected, fake the syscall and set return to EACCES */ /* If rejected, fake the syscall and set return to EACCES */
ptrace_fail_syscall(pid, &regs, EACCES); errno = EACCES;
FALLTHROUGH;
default:
ptrace_fail_syscall(pid, &regs, errno);
break; break;
} }