The default value of noexec_file is set to this.
--with-passwd-tries number of tries to enter password (default is 3)
--with-timeout minutes before sudo asks for passwd again (def is 5 minutes)
--with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)
+ --with-noexec fully qualified pathname of sudo_noexec.so
--with-execv use execv() instead of execvp()
--with-tty-tickets use a different ticket file for each tty
--with-insults insult the user for entering an incorrect password
echo "$as_me:$LINENO: result: $password_timeout" >&5
echo "${ECHO_T}$password_timeout" >&6
+echo "$as_me:$LINENO: checking path to sudo_noexec.so" >&5
+echo $ECHO_N "checking path to sudo_noexec.so... $ECHO_C" >&6
+
+# Check whether --with-noexec or --without-noexec was given.
+if test "${with_noexec+set}" = set; then
+ withval="$with_noexec"
+ case $with_noexec in
+ yes) with_noexec="$libexecdir/sudo_noexec.so"
+ ;;
+ no) ;;
+ *) ;;
+esac
+else
+ with_noexec="$libexecdir/sudo_noexec.so"
+fi;
+echo "$as_me:$LINENO: result: $with_noexec" >&5
+echo "${ECHO_T}$with_noexec" >&6
+
# Check whether --with-execv or --without-execv was given.
if test "${with_execv+set}" = set; then
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+if test "$with_noexec" != "no"; then
+ oexec_prefix="$exec_prefix"
+ if test "$exec_prefix" = '$(prefix)'; then
+ if test "$prefix" = "NONE"; then
+ exec_prefix="$ac_default_prefix"
+ else
+ exec_prefix="$prefix"
+ fi
+ fi
+ eval with_noexec="$with_noexec"
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_SUDO_NOEXEC "$with_noexec"
+_ACEOF
+
+ exec_prefix="$oexec_prefix"
+fi
+
ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
AC_MSG_RESULT($password_timeout)
+AC_MSG_CHECKING(path to sudo_noexec.so)
+AC_ARG_WITH(noexec, [ --with-noexec fully qualified pathname of sudo_noexec.so],
+[case $with_noexec in
+ yes) with_noexec="$libexecdir/sudo_noexec.so"
+ ;;
+ no) ;;
+ *) ;;
+esac], [with_noexec="$libexecdir/sudo_noexec.so"])
+AC_MSG_RESULT($with_noexec)
+
AC_ARG_WITH(execv, [ --with-execv use execv() instead of execvp()],
[case $with_execv in
yes) AC_MSG_CHECKING(whether to use execvp or execv)
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+dnl
+dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
+dnl XXX - this is gross!
+dnl
+if test "$with_noexec" != "no"; then
+ oexec_prefix="$exec_prefix"
+ if test "$exec_prefix" = '$(prefix)'; then
+ if test "$prefix" = "NONE"; then
+ exec_prefix="$ac_default_prefix"
+ else
+ exec_prefix="$prefix"
+ fi
+ fi
+ eval with_noexec="$with_noexec"
+ AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$with_noexec", [The fully qualified pathname of sudo_noexec.so])
+ exec_prefix="$oexec_prefix"
+fi
+
dnl
dnl Substitute into the Makefile and man pages
dnl
def_exempt_group = estrdup(EXEMPTGROUP);
#endif
def_editor = estrdup(EDITOR);
+#ifdef _PATH_SUDO_NOEXEC
+ def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
+#endif
/* Finally do the lists (currently just environment tables). */
init_envtables();
/* Point LD_PRELOAD to noexec_file? */
/* XXX - what to use for HP-UX and AIX? */
- if (noexec)
+ if (noexec && def_noexec_file != NULL)
insert_env(format_env("LD_PRELOAD", def_noexec_file), 1);
/* Set PS1 if SUDO_PS1 is set. */
#undef _PATH_SUDO_SENDMAIL
#endif /* _PATH_SUDO_SENDMAIL */
+#ifndef _PATH_SUDO_NOEXEC
+#undef _PATH_SUDO_NOEXEC
+#endif /* _PATH_SUDO_NOEXEC */
+
#ifndef _PATH_VI
#undef _PATH_VI
#endif /* _PATH_VI */
projects / sudo / commitdiff