mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 15:25:58 +00:00
Code Issues Releases Wiki Activity

Build sudo_noexec.so as a module on systems other then Darwin.

Browse Source 
On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't be accepted upstream.  This is a different fix for PR #102.
This commit is contained in:
Todd C. Miller
2021-05-13 12:45:56 -06:00
parent 31e6138115
commit 2e492267e7
4 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
configure vendored
View File

@@ -808,6 +808,7 @@ LDAP
SELINUX_USAGE SELINUX_USAGE
BSDAUTH_USAGE BSDAUTH_USAGE
DONT_LEAK_PATH_INFO DONT_LEAK_PATH_INFO
NOEXEC_MODULE
CHECK_NOEXEC CHECK_NOEXEC
INSTALL_NOEXEC INSTALL_NOEXEC
INSTALL_BACKUP INSTALL_BACKUP
@@ -3536,6 +3537,7 @@ ac_config_headers="$ac_config_headers config.h pathnames.h"
# #
@@ -3593,6 +3595,7 @@ devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev"
INSTALL_BACKUP= INSTALL_BACKUP=
INSTALL_NOEXEC= INSTALL_NOEXEC=
CHECK_NOEXEC= CHECK_NOEXEC=
NOEXEC_MODULE=-module
exampledir='$(docdir)/examples' exampledir='$(docdir)/examples'
devdir='$(srcdir)' devdir='$(srcdir)'
PROGS="sudo" PROGS="sudo"
@@ -16604,6 +16607,10 @@ done
fi fi
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
# Build sudo_noexec.so as a shared library, not a module.
# On Darwin, modules and shared libraries are incompatible.
NOEXEC_MODULE=
# Mach monotonic timer that runs while sleeping # Mach monotonic timer that runs while sleeping
ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time" ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time"
if test "x$ac_cv_func_mach_continuous_time" = xyes if test "x$ac_cv_func_mach_continuous_time" = xyes

6
configure.ac
View File

@@ -76,6 +76,7 @@ AC_SUBST([sesh_file])
AC_SUBST([INSTALL_BACKUP]) AC_SUBST([INSTALL_BACKUP])
AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([INSTALL_NOEXEC])
AC_SUBST([CHECK_NOEXEC]) AC_SUBST([CHECK_NOEXEC])
AC_SUBST([NOEXEC_MODULE])
AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([DONT_LEAK_PATH_INFO])
AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([BSDAUTH_USAGE])
AC_SUBST([SELINUX_USAGE]) AC_SUBST([SELINUX_USAGE])
@@ -227,6 +228,7 @@ dnl
INSTALL_BACKUP= INSTALL_BACKUP=
INSTALL_NOEXEC= INSTALL_NOEXEC=
CHECK_NOEXEC= CHECK_NOEXEC=
NOEXEC_MODULE=-module
exampledir='$(docdir)/examples' exampledir='$(docdir)/examples'
devdir='$(srcdir)' devdir='$(srcdir)'
PROGS="sudo" PROGS="sudo"
@@ -2170,6 +2172,10 @@ case "$host" in
fi fi
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
# Build sudo_noexec.so as a shared library, not a module.
# On Darwin, modules and shared libraries are incompatible.
NOEXEC_MODULE=
# Mach monotonic timer that runs while sleeping # Mach monotonic timer that runs while sleeping
AC_CHECK_FUNCS([mach_continuous_time]) AC_CHECK_FUNCS([mach_continuous_time])

3
scripts/ltmain.sh
View File

@@ -8742,9 +8742,6 @@ func_mode_link ()
eval libname=\"$libname_spec\" eval libname=\"$libname_spec\"
;; ;;
*) *)
test no = "$module" \
&& func_fatal_help "libtool library '$output' must begin with 'lib'"
if test no != "$need_lib_prefix"; then if test no != "$need_lib_prefix"; then
# Add the "lib" prefix for modules if required # Add the "lib" prefix for modules if required
func_stripname '' '.la' "$outputname" func_stripname '' '.la' "$outputname"

14
src/Makefile.in
View File

@@ -64,6 +64,9 @@ LT_LDFLAGS = @LT_LDFLAGS@
# Flags to pass to libtool # Flags to pass to libtool
LTFLAGS = --tag=disable-static LTFLAGS = --tag=disable-static
# Build sudo_noexec as a module instead of a shared lib (except on macOS)
NOEXEC_MODULE = @NOEXEC_MODULE@
# Address sanitizer flags # Address sanitizer flags
ASAN_CFLAGS = @ASAN_CFLAGS@ ASAN_CFLAGS = @ASAN_CFLAGS@
ASAN_LDFLAGS = @ASAN_LDFLAGS@ ASAN_LDFLAGS = @ASAN_LDFLAGS@
@@ -175,15 +178,8 @@ Makefile: $(srcdir)/Makefile.in
sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@ sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@
# We can't use -module here since you cannot preload a module on Darwin sudo_noexec.la: sudo_noexec.lo
libsudo_noexec.la: sudo_noexec.lo $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo $(NOEXEC_MODULE) -avoid-version -rpath $(noexecdir) -shrext .so
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -shrext .so
# Some hackery is required to install this as sudo_noexec, not libsudo_noexec
sudo_noexec.la: libsudo_noexec.la
sed 's/libsudo_noexec/sudo_noexec/g' libsudo_noexec.la > sudo_noexec.la
if test -f .libs/libsudo_noexec.lai; then sed 's/libsudo_noexec/sudo_noexec/g' .libs/libsudo_noexec.lai > .libs/sudo_noexec.lai; fi
cp -p .libs/libsudo_noexec.so .libs/sudo_noexec.so
sesh: $(SESH_OBJS) $(LT_LIBS) sesh: $(SESH_OBJS) $(LT_LIBS)
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)