document --with-noexec

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)
diff --git a/INSTALL b/INSTALL

index d967cb1df2346c0f7da7cbe09d78f7cb15ce4d7d..1744178c0e986f51fa36736cde666383d9f36056 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -225,6 +225,17 @@ Special features/options:
          only the newer BSD authentication API is supported.  If you
          don't have /usr/include/bsd_auth.h then you cannot use this.
  
+  --with-noexec[=PATH]
+        Enable support for the "noexec" functionality which prevents
+        a dynamically-linked program being run by sudo from executing
+        another program (think shell escapes).  Please see the
+        "PREVENTING SHELL ESCAPES" section in the sudoers man page
+        for details.  If specified, PATH should be a fully qualified
+        pathname, e.g. /usr/local/libexec/sudo_noexec.so.  If PATH
+        is "no", noexec support will not be compiled in.  The default
+        is to compile noexec support if libtool supports building
+        shared objects on your OS.
+
    --disable-root-mailer
          By default sudo will run the mailer as root when tattling
          on a user so as to prevent that user from killing the mailer.
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 21 Aug 2004 18:20:11 +0000 (18:20 +0000)