Alas, all the world does not go through execve(2). Many systems

still have an execv(2) system call, Linux 2.6 provides fexecve(2)
and it is not uncommon for libc to have underscore ('_') versions
of the functions to be used internally by the library.  Instead of
stubbing all these out by hand, define a macro and let it do the
work.  Extra exec functions pointed out by Reznic Valery.

diff --git a/sudo_noexec.c b/sudo_noexec.c
index 72f790195e786bf68d5c563e8d12812924710487..2a5080f0bec050f5ba146659930cc944518e681d 100644 (file)
--- a/sudo_noexec.c
+++ b/sudo_noexec.c
@@ -41,20 +41,33 @@ static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
 /*
- * Dummy replacement for libc execve(2)
+ * Dummy versions of the execve() family of syscalls.  We don't need
+ * to stub out all of them, just the ones that correspond to actual
+ * system calls (which varies by OS).  Note that it is still possible
+ * to access the real syscalls via the syscall() interface but very
+ * few programs actually do that.
  */
-int
-#ifdef __STDC__
-execve(const char *path, char *const argv[], char *const envp[])
-#else
-execve(path, argv, envp)
-    const char *path;
-    char *const argv[];
-    char *const envp[];
-#endif
-{
-    extern int errno;
 
-    errno = EACCES;
-    return(-1);
+extern int errno;
+
+#define DUMMY(fn, args, atypes)        \
+int                            \
+fn args                                \
+    atypes                     \
+{                              \
+    errno = EACCES;            \
+    return(-1);                        \
 }
+
+DUMMY(execve, (path, argv, envp),
+      const char *path; char *const argv[]; char *const envp[];)
+DUMMY(_execve, (path, argv, envp),
+      const char *path; char *const argv[]; char *const envp[];)
+DUMMY(execv, (path, argv, envp),
+      const char *path; char *const argv[];)
+DUMMY(_execv, (path, argv, envp),
+      const char *path; char *const argv[];)
+DUMMY(fexecve, (fd, argv, envp),
+      int fd; char *const argv[]; char *const envp[];)
+DUMMY(_fexecve, (fd, argv, envp),
+      int fd; char *const argv[]; char *const envp[];)