Add intercept_type sudoers option to set intercept/log_subcmds mechanism.

2022-05-24 13:39:28 -06:00
parent b203753013
commit f053f174bc
13 changed files with 243 additions and 37 deletions
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -650,10 +650,10 @@ bad:
 static void
 command_info_to_details(char * const info[], struct command_details *details)
 {
-    int i;
-    id_t id;
-    char *cp;
    const char *errstr;
+    char *cp;
+    id_t id;
+    int i;
    debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM);

    memset(details, 0, sizeof(*details));
@@ -857,17 +857,15 @@ command_info_to_details(char * const info[], struct command_details *details)
 		    break;
 		}
 		SET_FLAG("umask_override=", CD_OVERRIDE_UMASK)
+		SET_FLAG("use_ptrace=", CD_USE_PTRACE)
 		SET_FLAG("use_pty=", CD_USE_PTY)
 		SET_STRING("utmp_user=", utmp_user)
 		break;
 	}
    }

-    if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) {
-	/* Use ptrace(2) for intercept/log_subcmds if possible. */
-	if (sudo_settings[ARG_INTERCEPT_SETID].value != NULL)
-	    SET(details->flags, CD_USE_PTRACE);
-    }
+    /* Only use ptrace(2) for intercept/log_subcmds if supported. */
+    exec_ptrace_fix_flags(details);

    if (!ISSET(details->flags, CD_SET_EUID))
 	details->cred.euid = details->cred.uid;