Take the chroot into account when search for the command.
This could be a user-specific chroot via the -R option, a runchroot Defaults value, or a per-command CHROOT spec in the sudoers rule.
@@ -39,14 +39,24 @@
|
||||
* Verify that path is a normal file and executable by root.
|
||||
*/
|
||||
bool
|
||||
sudo_goodpath(const char *path, struct stat *sbp)
|
||||
sudo_goodpath(const char *path, const char *runchroot, struct stat *sbp)
|
||||
{
|
||||
bool ret = false;
|
||||
debug_decl(sudo_goodpath, SUDOERS_DEBUG_UTIL);
|
||||
|
||||
if (path != NULL) {
|
||||
char pathbuf[PATH_MAX];
|
||||
struct stat sb;
|
||||
|
||||
if (runchroot != NULL) {
|
||||
const int len =
|
||||
snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);
|
||||
if (len >= ssizeof(pathbuf)) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto done;
|
||||
}
|
||||
path = pathbuf;
|
||||
}
|
||||
if (sbp == NULL)
|
||||
sbp = &sb;
|
||||
|
||||
@@ -58,6 +68,6 @@ sudo_goodpath(const char *path, struct stat *sbp)
|
||||
errno = EACCES;
|
||||
}
|
||||
}
|
||||
|
||||
done:
|
||||
debug_return_bool(ret);
|
||||
}
|
||||
|
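Review bot: The path built by `snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path)` is examined from outside the chroot, so an absolute symlink anywhere under `runchroot` resolves against the real root, and the file that passes the check need not be the one that runs after the chroot is entered. With a directory chosen by the user via -R, the contents of that tree cannot be trusted, so the header comment of `sudo_goodpath` should at least say so, e.g. `/* runchroot is prepended textually; symlinks below it are still resolved against the real root. */`. Ideally the lookup would be made relative to the new root instead. Separately, a negative return from snprintf passes `len >= ssizeof(pathbuf)` and leaves `pathbuf` with unspecified contents; `if (len < 0 || len >= ssizeof(pathbuf)) {` closes that. The file check itself lies between the two hunks and is not visible here, so the first point is inferred from the function's comment.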