Fix installation of sudo_noexec on Mac OS X.

Use library symbol interposition on Mac OS X 10.4 and higher so
we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1.

config.h.in

@@ -742,6 +742,9 @@
 /* Define to 1 if the compiler supports the C99 __func__ variable. */
 #undef HAVE___FUNC__
 
+/* Define to 1 if you have dyld with __interpose attribute support. */
+#undef HAVE___INTERPOSE
+
 /* Define to 1 if you have the `__nss_initf_group' function. */
 #undef HAVE___NSS_INITF_GROUP
 

configure

@@ -737,6 +737,7 @@ DEVEL
 SUDOERS_GID
 SUDOERS_UID
 SUDOERS_MODE
+SHLIB_EXT
 SHLIB_MODE
 MANCOMPRESSEXT
 MANCOMPRESS
@@ -2929,6 +2930,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
+
 
 
 #
@@ -13696,8 +13698,10 @@ else
     # Darwin uses .dylib for libraries but .so for modules
     if test X"$_shrext" = X".dylib"; then
 	SOEXT=".so"
+	SHLIB_EXT=".dylib"
     else
 	SOEXT="$_shrext"
+	SHLIB_EXT="$_shrext"
     fi
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5
@@ -14578,8 +14582,14 @@ done
 		CHECKSHADOW="false"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
 		: ${with_logincap='yes'}
-		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+		# Darwin 8 and above can interpose library symbols cleanly
+		if test $OSMAJOR -ge 8; then
+		    $as_echo "#define HAVE___INTERPOSE 1" >>confdefs.h
+
+		else
 		    RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+		fi
+		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
 		;;
     *-*-nextstep*)
 		# lockf() on is broken on the NeXT -- use flock instead
@@ -23971,5 +23981,6 @@ fi
 
 
 
+
 
 

configure.in

@@ -42,6 +42,7 @@ AC_SUBST([MANDIRTYPE])
 AC_SUBST([MANCOMPRESS])
 AC_SUBST([MANCOMPRESSEXT])
 AC_SUBST([SHLIB_MODE])
+AC_SUBST([SHLIB_EXT])
 AC_SUBST([SUDOERS_MODE])
 AC_SUBST([SUDOERS_UID])
 AC_SUBST([SUDOERS_GID])
@@ -1491,8 +1492,10 @@ else
     # Darwin uses .dylib for libraries but .so for modules
     if test X"$_shrext" = X".dylib"; then
 	SOEXT=".so"
+	SHLIB_EXT=".dylib"
     else
 	SOEXT="$_shrext"
+	SHLIB_EXT="$_shrext"
     fi
 fi
 AC_MSG_CHECKING(path to sudo_noexec.so)
@@ -1960,8 +1963,13 @@ case "$host" in
 		CHECKSHADOW="false"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
 		: ${with_logincap='yes'}
-		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+		# Darwin 8 and above can interpose library symbols cleanly
+		if test $OSMAJOR -ge 8; then
+		    AC_DEFINE(HAVE___INTERPOSE)
+		else
 		    RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+		fi
+		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
 		;;
     *-*-nextstep*)
 		# lockf() on is broken on the NeXT -- use flock instead
@@ -3767,6 +3775,7 @@ AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't defin
 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
 AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
+AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.])
 AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
 AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
 AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])

src/Makefile.in

@@ -72,7 +72,8 @@ noexecdir = @NOEXECDIR@
 install_uid = 0
 install_gid = 0
 
-# File mode to use for shared libraries/objects
+# File extension and mode to use for shared libraries
+shlib_ext = @SHLIB_EXT@
 shlib_mode = @SHLIB_MODE@
 
 TEST_PROGS = check_ttyname
@@ -149,7 +150,7 @@ install-includes:
 # We install sudo_noexec by hand so we can avoid a "lib" prefix
 # and a version number.  Since we use LD_PRELOAD, neither is needed.
 install-noexec: install-dirs libsudo_noexec.la
-	if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+	if [ -f .libs/libsudo_noexec$(shlib_ext) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/libsudo_noexec$(shlib_ext) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
 
 install-plugin:
 

src/sudo_noexec.c

@@ -20,12 +20,35 @@
 
 #include <errno.h>
 #include <stdarg.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
 #ifdef HAVE_SPAWN_H
 #include <spawn.h>
 #endif
 
 #include "missing.h"
 
+#ifdef HAVE___INTERPOSE
+/*
+ * Mac OS X 10.4 and above has support for library symbol interposition.
+ * There is a good explanation of this in the Mac OS X Internals book.
+ */
+typedef struct interpose_s {
+    void *new_func;
+    void *orig_func;
+} interpose_t;
+
+# define FN_NAME(fn)	my_ ## fn
+# define INTERPOSE(fn) \
+    __attribute__((used)) static const interpose_t _interpose_ ## fn \
+    __attribute__((section("__DATA,__interpose"))) = \
+	{ (void *)my_ ## fn, (void *)fn };
+#else
+# define FN_NAME(fn)	fn
+# define INTERPOSE(fn)
+#endif
+
 /*
  * Dummy versions of the execve() family of syscalls.  We don't need
  * to stub out all of them, just the ones that correspond to actual
@@ -42,59 +65,73 @@
 
 #define DUMMY2(fn, t1, t2)			\
 __dso_public int				\
-fn(t1 a1, t2 a2)				\
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2)			\
+DUMMY_BODY					\
+INTERPOSE(fn)
 
 #define DUMMY3(fn, t1, t2, t3)			\
 __dso_public int				\
-fn(t1 a1, t2 a2, t3 a3)				\
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, t3 a3)		\
+DUMMY_BODY					\
+INTERPOSE(fn)
 
 #define DUMMY6(fn, t1, t2, t3, t4, t5, t6)	\
 __dso_public int				\
-fn(t1 a1, t2 a2, t3 a3, t4 a4, t5 a5, t6 a6)	\
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, t3 a3, t4 a4, t5 a5, t6 a6)	\
+DUMMY_BODY					\
+INTERPOSE(fn)
 
 #define DUMMY_VA(fn, t1, t2)			\
 __dso_public int				\
-fn(t1 a1, t2 a2, ...)				\
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, ...)			\
+DUMMY_BODY					\
+INTERPOSE(fn)
 
 DUMMY_VA(execl, const char *, const char *)
-DUMMY_VA(_execl, const char *, const char *)
-DUMMY_VA(__execl, const char *, const char *)
 DUMMY_VA(execle, const char *, const char *)
-DUMMY_VA(_execle, const char *, const char *)
-DUMMY_VA(__execle, const char *, const char *)
 DUMMY_VA(execlp, const char *, const char *)
-DUMMY_VA(_execlp, const char *, const char *)
-DUMMY_VA(__execlp, const char *, const char *)
-DUMMY3(exect, const char *, char * const *, char * const *)
-DUMMY3(_exect, const char *, char * const *, char * const *)
-DUMMY3(__exect, const char *, char * const *, char * const *)
 DUMMY2(execv, const char *, char * const *)
-DUMMY2(_execv, const char *, char * const *)
-DUMMY2(__execv, const char *, char * const *)
 DUMMY2(execvp, const char *, char * const *)
-DUMMY2(_execvp, const char *, char * const *)
-DUMMY2(__execvp, const char *, char * const *)
 DUMMY3(execvP, const char *, const char *, char * const *)
-DUMMY3(_execvP, const char *, const char *, char * const *)
-DUMMY3(__execvP, const char *, const char *, char * const *)
 DUMMY3(execve, const char *, char * const *, char * const *)
-DUMMY3(_execve, const char *, char * const *, char * const *)
-DUMMY3(__execve, const char *, char * const *, char * const *)
+
+#ifndef __APPLE__
+/*
+ * On Mac OS X we can only define functions that actually
+ * exist on the system due to how interposition is done.
+ */
+DUMMY3(exect, const char *, char * const *, char * const *)
 DUMMY3(execvpe, const char *, char * const *, char * const *)
-DUMMY3(_execvpe, const char *, char * const *, char * const *)
-DUMMY3(__execvpe, const char *, char * const *, char * const *)
 DUMMY3(fexecve, int , char * const *, char * const *)
+DUMMY_VA(_execl, const char *, const char *)
+DUMMY_VA(_execle, const char *, const char *)
+DUMMY_VA(_execlp, const char *, const char *)
+DUMMY3(_exect, const char *, char * const *, char * const *)
+DUMMY2(_execv, const char *, char * const *)
+DUMMY2(_execvp, const char *, char * const *)
+DUMMY3(_execvP, const char *, const char *, char * const *)
+DUMMY3(_execve, const char *, char * const *, char * const *)
+DUMMY3(_execvpe, const char *, char * const *, char * const *)
 DUMMY3(_fexecve, int , char * const *, char * const *)
+DUMMY_VA(__execl, const char *, const char *)
+DUMMY_VA(__execle, const char *, const char *)
+DUMMY_VA(__execlp, const char *, const char *)
+DUMMY3(__exect, const char *, char * const *, char * const *)
+DUMMY2(__execv, const char *, char * const *)
+DUMMY2(__execvp, const char *, char * const *)
+DUMMY3(__execvP, const char *, const char *, char * const *)
+DUMMY3(__execve, const char *, char * const *, char * const *)
+DUMMY3(__execvpe, const char *, char * const *, char * const *)
 DUMMY3(__fexecve, int , char * const *, char * const *)
+#endif /* __APPLE__ */
+
 #ifdef HAVE_SPAWN_H
 DUMMY6(posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
-DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
-DUMMY6(__posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+# ifndef __APPLE__
+DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(_posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+DUMMY6(__posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(__posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+# endif /* __APPLE__ */
 #endif /* HAVE_SPAWN_H */