mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

sudo_intercept.so: only replace execvpe() if it is present.

Browse Source 
execvpe() is a GNU extension also found on *BSD (but not macOS).
This commit is contained in:
Todd C. Miller
2021-09-08 11:09:59 -06:00
parent 6d5f450a62
commit 3a4aec7a62
7 changed files with 45 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
MANIFEST
View File

@@ -1112,7 +1112,7 @@ src/exec_preload.c
src/exec_pty.c src/exec_pty.c
src/get_pty.c src/get_pty.c
src/hooks.c src/hooks.c
src/intercept.exp src/intercept.exp.in
src/intercept.pb-c.c src/intercept.pb-c.c
src/intercept.proto src/intercept.proto
src/limits.c src/limits.c

22
configure vendored
View File

@@ -771,6 +771,7 @@ relay_dir
logpath logpath
log_dir log_dir
iolog_dir iolog_dir
INTERCEPT_EXP
FUZZ_LD FUZZ_LD
FUZZ_ENGINE FUZZ_ENGINE
PPFILES PPFILES
@@ -3555,6 +3556,7 @@ ac_config_headers="$ac_config_headers config.h pathnames.h"
# #
@@ -3651,6 +3653,7 @@ COMPAT_EXP=
SIGNAME= SIGNAME=
FUZZ_ENGINE= FUZZ_ENGINE=
FUZZ_LD='$(CC)' FUZZ_LD='$(CC)'
INTERCEPT_EXP=
WEAK_ALIAS=no WEAK_ALIAS=no
CHECKSHADOW=true CHECKSHADOW=true
shadow_funcs= shadow_funcs=
@@ -20964,6 +20967,22 @@ done
for ac_func in execvpe
do :
ac_fn_c_check_func "$LINENO" "execvpe" "ac_cv_func_execvpe"
if test "x$ac_cv_func_execvpe" = xyes
then :
printf "%s\n" "#define HAVE_EXECVPE 1" >>confdefs.h
for _sym in execvpe; do
INTERCEPT_EXP="${INTERCEPT_EXP}${_sym}
"
done
fi
done
for ac_func in pread for ac_func in pread
do : do :
ac_fn_c_check_func "$LINENO" "pread" "ac_cv_func_pread" ac_fn_c_check_func "$LINENO" "pread" "ac_cv_func_pread"
@@ -30976,7 +30995,7 @@ elif test X"$TMPFILES_D" != X""; then
fi fi
ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
cat >confcache <<\_ACEOF cat >confcache <<\_ACEOF
@@ -31980,6 +31999,7 @@ do
"lib/util/Makefile") CONFIG_FILES="$CONFIG_FILES lib/util/Makefile" ;; "lib/util/Makefile") CONFIG_FILES="$CONFIG_FILES lib/util/Makefile" ;;
"lib/util/util.exp") CONFIG_FILES="$CONFIG_FILES lib/util/util.exp" ;; "lib/util/util.exp") CONFIG_FILES="$CONFIG_FILES lib/util/util.exp" ;;
"logsrvd/Makefile") CONFIG_FILES="$CONFIG_FILES logsrvd/Makefile" ;; "logsrvd/Makefile") CONFIG_FILES="$CONFIG_FILES logsrvd/Makefile" ;;
"src/intercept.exp") CONFIG_FILES="$CONFIG_FILES src/intercept.exp" ;;
"src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;; "src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;;
"src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"plugins/audit_json/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit_json/Makefile" ;; "plugins/audit_json/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit_json/Makefile" ;;

5
configure.ac
View File

@@ -126,6 +126,7 @@ AC_SUBST([LIBLOGSRV])
AC_SUBST([PPFILES]) AC_SUBST([PPFILES])
AC_SUBST([FUZZ_ENGINE]) AC_SUBST([FUZZ_ENGINE])
AC_SUBST([FUZZ_LD]) AC_SUBST([FUZZ_LD])
AC_SUBST([INTERCEPT_EXP])
dnl dnl
dnl Variables that get substituted in docs (not overridden by environment) dnl Variables that get substituted in docs (not overridden by environment)
@@ -271,6 +272,7 @@ COMPAT_EXP=
SIGNAME= SIGNAME=
FUZZ_ENGINE= FUZZ_ENGINE=
FUZZ_LD='$(CC)' FUZZ_LD='$(CC)'
INTERCEPT_EXP=
dnl dnl
dnl Other variables dnl Other variables
dnl dnl
@@ -2543,6 +2545,7 @@ dnl
AC_FUNC_GETGROUPS AC_FUNC_GETGROUPS
AC_FUNC_FSEEKO AC_FUNC_FSEEKO
AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp getauxval]) AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp getauxval])
AC_CHECK_FUNCS([execvpe], [SUDO_APPEND_INTERCEPT_EXP(execvpe)])
AC_CHECK_FUNCS([pread], [ AC_CHECK_FUNCS([pread], [
# pread/pwrite on 32-bit HP-UX 11.x may not support large files # pread/pwrite on 32-bit HP-UX 11.x may not support large files
case "$host_os" in case "$host_os" in
@@ -4895,7 +4898,7 @@ elif test X"$TMPFILES_D" != X""; then
AC_CONFIG_FILES([etc/init.d/sudo.conf]) AC_CONFIG_FILES([etc/init.d/sudo.conf])
fi fi
AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT AC_OUTPUT

11
m4/sudo.m4
View File

@@ -504,6 +504,17 @@ AC_DEFUN([SUDO_APPEND_COMPAT_EXP], [
done done
]) ])
dnl
dnl
dnl Append one or more symbols to INTERCEPT_EXP
dnl
AC_DEFUN([SUDO_APPEND_INTERCEPT_EXP], [
for _sym in $1; do
INTERCEPT_EXP="${INTERCEPT_EXP}${_sym}
"
done
])
dnl dnl
dnl Determine the mail spool location dnl Determine the mail spool location
dnl NOTE: must be run *after* check for paths.h dnl NOTE: must be run *after* check for paths.h

2
src/Makefile.in
View File

@@ -117,7 +117,7 @@ install_gid = 0
# File extension, mode and map file to use for shared libraries/objects # File extension, mode and map file to use for shared libraries/objects
shlib_enable = @SHLIB_ENABLE@ shlib_enable = @SHLIB_ENABLE@
shlib_mode = @SHLIB_MODE@ shlib_mode = @SHLIB_MODE@
shlib_exp = $(srcdir)/intercept.exp shlib_exp = ./intercept.exp
shlib_map = intercept.map shlib_map = intercept.map
shlib_opt = intercept.opt shlib_opt = intercept.opt

3
src/intercept.exp → src/intercept.exp.in
View File

@@ -1,7 +1,6 @@
execl @INTERCEPT_EXP@execl
execle execle
execlp execlp
execv execv
execve execve
execvp execvp
execvpe

6
src/sudo_intercept.c
View File

@@ -241,11 +241,13 @@ my_execv(const char *cmnd, char * const argv[])
return execve(cmnd, argv, environ); return execve(cmnd, argv, environ);
} }
#ifdef HAVE_EXECVPE
static int static int
my_execvpe(const char *cmnd, char * const argv[], char * const envp[]) my_execvpe(const char *cmnd, char * const argv[], char * const envp[])
{ {
return exec_wrapper(cmnd, argv, envp, true); return exec_wrapper(cmnd, argv, envp, true);
} }
#endif
static int static int
my_execvp(const char *cmnd, char * const argv[]) my_execvp(const char *cmnd, char * const argv[])
@@ -298,7 +300,9 @@ __attribute__((__section__("__DATA,__interpose"))) = {
{ (void *)my_execv, (void *)execv }, { (void *)my_execv, (void *)execv },
{ (void *)my_execve, (void *)execve }, { (void *)my_execve, (void *)execve },
{ (void *)my_execvp, (void *)execvp }, { (void *)my_execvp, (void *)execvp },
#ifdef HAVE_EXECVPE
{ (void *)my_execvpe, (void *)execvpe } { (void *)my_execvpe, (void *)execvpe }
#endif
}; };
#else /* HAVE___INTERPOSE */ #else /* HAVE___INTERPOSE */
@@ -340,11 +344,13 @@ execv(const char *cmnd, char * const argv[])
return execve(cmnd, argv, environ); return execve(cmnd, argv, environ);
} }
#ifdef HAVE_EXECVPE
sudo_dso_public int sudo_dso_public int
execvpe(const char *cmnd, char * const argv[], char * const envp[]) execvpe(const char *cmnd, char * const argv[], char * const envp[])
{ {
return exec_wrapper(cmnd, argv, envp, true); return exec_wrapper(cmnd, argv, envp, true);
} }
#endif
sudo_dso_public int sudo_dso_public int
execvp(const char *cmnd, char * const argv[]) execvp(const char *cmnd, char * const argv[])