2
0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00

Add intercept_verify sudoers option to control execve(2) argument checking.

This commit is contained in:
Todd C. Miller
2022-07-29 15:22:27 -06:00
parent b80b012de0
commit 3ce19efca9
10 changed files with 99 additions and 32 deletions

View File

@@ -636,7 +636,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
}
/* Increase the length of command_info as needed, it is *not* checked. */
command_info = calloc(71, sizeof(char *));
command_info = calloc(72, sizeof(char *));
if (command_info == NULL)
goto oom;
@@ -812,6 +812,10 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
if ((command_info[info_len++] = strdup("use_ptrace=true")) == NULL)
goto oom;
}
if (def_intercept_verify) {
if ((command_info[info_len++] = strdup("intercept_verify=true")) == NULL)
goto oom;
}
if (def_noexec) {
if ((command_info[info_len++] = strdup("noexec=true")) == NULL)
goto oom;