mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00
Code Issues Releases Wiki Activity

Mention potential problems with log_subcmds and intercept.

Browse Source
This commit is contained in:
Todd C. Miller
2023-09-28 17:01:02 -06:00
parent f6561bc974
commit 3141f63b25
2 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/sudoers.man.in
View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "September 20, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "@mansectform@" "September 28, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -3339,6 +3339,9 @@ The
flag uses the same underlying mechanism as the flag uses the same underlying mechanism as the
\fIintercept\fR \fIintercept\fR
setting. setting.
Some commands may not work properly when
\fIlog_subcmds\fR
is enabled, due to the way it intercepts sub-commands.
See See
\fIPreventing shell escapes\fR \fIPreventing shell escapes\fR
for more information on what systems support this option and its limitations. for more information on what systems support this option and its limitations.
@@ -3544,6 +3547,9 @@ will behave as if the
tag has been set, unless overridden by an tag has been set, unless overridden by an
\fRNOINTERCEPT\fR \fRNOINTERCEPT\fR
tag. tag.
Some commands may not work properly when
\fIintercept\fR
is enabled, due to the way it intercept sub-commands.
See the description of See the description of
\fRINTERCEPT and NOINTERCEPT\fR \fRINTERCEPT and NOINTERCEPT\fR
above as well as the above as well as the
@@ -3640,6 +3646,14 @@ tag has been set for the command and the
\fIintercept_type\fR \fIintercept_type\fR
option is set to option is set to
\fItrace\fR. \fItrace\fR.
.sp
This setting is incompatible with programs that change their root directory via
chroot(2).
If a program changes its root directory, path names will no longer match
those seen by the
\fBsudo\fR
parent process and sub-commands will be terminated before they have a chance
to run.
This flag is This flag is
\fIon\fR \fIon\fR
by default. by default.
@@ -7393,6 +7407,9 @@ run a new command, allow or deny it based on
rules, and log the result. rules, and log the result.
For example, this can be used to restrict the commands run from For example, this can be used to restrict the commands run from
within a privileged shell or editor. within a privileged shell or editor.
However, not all programs operate correctly when
\fIintercept\fR
is enabled.
.sp .sp
There are two underlying mechanisms that may be used to implement There are two underlying mechanisms that may be used to implement
\fIintercept\fR \fIintercept\fR
@@ -7466,6 +7483,21 @@ execveat(2)
system call, such as system call, such as
fexecve(3), fexecve(3),
are not currently intercepted. are not currently intercepted.
Programs that rely on
ptrace(2)
themselves, such as debuggers and system call tracers
(such as
strace(1)
and
truss(1))
will be unable to function if
\fIintercept\fR
is enabled in
\fItrace\fR
mode.
This same restriction applies to the
\fIlog_subcmds\fR
sudoers option.
.sp .sp
The The
\fIintercept\fR \fIintercept\fR

36
docs/sudoers.mdoc.in
View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd September 20, 2023 .Dd September 28, 2023
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -3162,6 +3162,9 @@ The
flag uses the same underlying mechanism as the flag uses the same underlying mechanism as the
.Em intercept .Em intercept
setting. setting.
Some commands may not work properly when
.Em log_subcmds
is enabled, due to the way it intercepts sub-commands.
See See
.Sx Preventing shell escapes .Sx Preventing shell escapes
for more information on what systems support this option and its limitations. for more information on what systems support this option and its limitations.
@@ -3355,6 +3358,9 @@ will behave as if the
tag has been set, unless overridden by an tag has been set, unless overridden by an
.Dv NOINTERCEPT .Dv NOINTERCEPT
tag. tag.
Some commands may not work properly when
.Em intercept
is enabled, due to the way it intercept sub-commands.
See the description of See the description of
.Dv INTERCEPT and NOINTERCEPT .Dv INTERCEPT and NOINTERCEPT
above as well as the above as well as the
@@ -3448,6 +3454,14 @@ tag has been set for the command and the
.Em intercept_type .Em intercept_type
option is set to option is set to
.Em trace . .Em trace .
.Pp
This setting is incompatible with programs that change their root directory via
.Xr chroot 2 .
If a program changes its root directory, path names will no longer match
those seen by the
.Nm sudo
parent process and sub-commands will be terminated before they have a chance
to run.
This flag is This flag is
.Em on .Em on
by default. by default.
@@ -6838,6 +6852,9 @@ run a new command, allow or deny it based on
rules, and log the result. rules, and log the result.
For example, this can be used to restrict the commands run from For example, this can be used to restrict the commands run from
within a privileged shell or editor. within a privileged shell or editor.
However, not all programs operate correctly when
.Em intercept
is enabled.
.Pp .Pp
There are two underlying mechanisms that may be used to implement There are two underlying mechanisms that may be used to implement
.Em intercept .Em intercept
@@ -6911,6 +6928,23 @@ Functions utilizing the
system call, such as system call, such as
.Xr fexecve 3 , .Xr fexecve 3 ,
are not currently intercepted. are not currently intercepted.
Programs that rely on
.Xr ptrace 2
themselves, such as debuggers and system call tracers
.Po
such as
.Xr strace 1
and
.Xr truss 1
.Pc
will be unable to function if
.Em intercept
is enabled in
.Em trace
mode.
This same restriction applies to the
.Em log_subcmds
sudoers option.
.Pp .Pp
The The
.Em intercept .Em intercept