Take the chroot into account when search for the command.

This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
This commit is contained in:
Todd C. Miller
2020-09-09 15:26:44 -06:00
parent e9997c8ec4
commit b6dbfe5094
12 changed files with 342 additions and 113 deletions

View File

@@ -39,14 +39,24 @@
* Verify that path is a normal file and executable by root.
*/
bool
sudo_goodpath(const char *path, struct stat *sbp)
sudo_goodpath(const char *path, const char *runchroot, struct stat *sbp)
{
bool ret = false;
debug_decl(sudo_goodpath, SUDOERS_DEBUG_UTIL);
if (path != NULL) {
char pathbuf[PATH_MAX];
struct stat sb;
if (runchroot != NULL) {
const int len =
snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);
if (len >= ssizeof(pathbuf)) {
errno = ENAMETOOLONG;
goto done;
}
path = pathbuf;
}
if (sbp == NULL)
sbp = &sb;
@@ -58,6 +68,6 @@ sudo_goodpath(const char *path, struct stat *sbp)
errno = EACCES;
}
}
done:
debug_return_bool(ret);
}