Fix installation of sudo_noexec on Mac OS X.

Use library symbol interposition on Mac OS X 10.4 and higher so
we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1.

diff --git a/config.h.in b/config.h.in
index a28142c9ae59eff20feef08d79986429e0ae431f..c822214102e1e5911aca8243314b70af73c2e2a1 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -742,6 +742,9 @@
 /* Define to 1 if the compiler supports the C99 __func__ variable. */
 #undef HAVE___FUNC__
 
+/* Define to 1 if you have dyld with __interpose attribute support. */
+#undef HAVE___INTERPOSE
+
 /* Define to 1 if you have the `__nss_initf_group' function. */
 #undef HAVE___NSS_INITF_GROUP
 

diff --git a/configure b/configure
index 1f575756334635563cec976d93e4a1aec21035bf..42f408a8ac73a9ac4d344f1af0d2c5ba9208d6c7 100755 (executable)
--- a/configure
+++ b/configure
@@ -737,6 +737,7 @@ DEVEL
 SUDOERS_GID
 SUDOERS_UID
 SUDOERS_MODE
+SHLIB_EXT
 SHLIB_MODE
 MANCOMPRESSEXT
 MANCOMPRESS
@@ -2929,6 +2930,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
+
 
 
 #
@@ -13696,8 +13698,10 @@ else
     # Darwin uses .dylib for libraries but .so for modules
     if test X"$_shrext" = X".dylib"; then
        SOEXT=".so"
+       SHLIB_EXT=".dylib"
     else
        SOEXT="$_shrext"
+       SHLIB_EXT="$_shrext"
     fi
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5
@@ -14578,8 +14582,14 @@ done
                CHECKSHADOW="false"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
                : ${with_logincap='yes'}
+               # Darwin 8 and above can interpose library symbols cleanly
+               if test $OSMAJOR -ge 8; then
+                   $as_echo "#define HAVE___INTERPOSE 1" >>confdefs.h
+
+               else
+                   RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+               fi
                RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
-               RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
                ;;
     *-*-nextstep*)
                # lockf() on is broken on the NeXT -- use flock instead
@@ -23971,5 +23981,6 @@ fi
 
 
 
+
 
 

diff --git a/configure.in b/configure.in
index e7a15a5ffdd557d61077cdd3adea72422df0f693..72c701a847424a67985aa71a02d1c740c66a4390 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -42,6 +42,7 @@ AC_SUBST([MANDIRTYPE])
 AC_SUBST([MANCOMPRESS])
 AC_SUBST([MANCOMPRESSEXT])
 AC_SUBST([SHLIB_MODE])
+AC_SUBST([SHLIB_EXT])
 AC_SUBST([SUDOERS_MODE])
 AC_SUBST([SUDOERS_UID])
 AC_SUBST([SUDOERS_GID])
@@ -1491,8 +1492,10 @@ else
     # Darwin uses .dylib for libraries but .so for modules
     if test X"$_shrext" = X".dylib"; then
        SOEXT=".so"
+       SHLIB_EXT=".dylib"
     else
        SOEXT="$_shrext"
+       SHLIB_EXT="$_shrext"
     fi
 fi
 AC_MSG_CHECKING(path to sudo_noexec.so)
@@ -1960,8 +1963,13 @@ case "$host" in
                CHECKSHADOW="false"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
                : ${with_logincap='yes'}
+               # Darwin 8 and above can interpose library symbols cleanly
+               if test $OSMAJOR -ge 8; then
+                   AC_DEFINE(HAVE___INTERPOSE)
+               else
+                   RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+               fi
                RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
-               RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
                ;;
     *-*-nextstep*)
                # lockf() on is broken on the NeXT -- use flock instead
@@ -3767,6 +3775,7 @@ AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't defin
 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
 AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
+AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.])
 AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
 AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
 AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])

diff --git a/src/Makefile.in b/src/Makefile.in
index ec14240132a2c7b42be74ca33a3abc7798050001..f2f88f817c2350a85492f248e85628176a1c540f 100644 (file)
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -72,7 +72,8 @@ noexecdir = @NOEXECDIR@
 install_uid = 0
 install_gid = 0
 
-# File mode to use for shared libraries/objects
+# File extension and mode to use for shared libraries
+shlib_ext = @SHLIB_EXT@
 shlib_mode = @SHLIB_MODE@
 
 TEST_PROGS = check_ttyname
@@ -149,7 +150,7 @@ install-includes:
 # We install sudo_noexec by hand so we can avoid a "lib" prefix
 # and a version number.  Since we use LD_PRELOAD, neither is needed.
 install-noexec: install-dirs libsudo_noexec.la
-       if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+       if [ -f .libs/libsudo_noexec$(shlib_ext) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/libsudo_noexec$(shlib_ext) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
 
 install-plugin:
 

diff --git a/src/sudo_noexec.c b/src/sudo_noexec.c
index 1eb2752ad07a76bce8549a3638ed46e6720604e5..59fb7ce003403be7ab236fa59c2d08ce827db0a7 100644 (file)
--- a/src/sudo_noexec.c
+++ b/src/sudo_noexec.c
@@ -20,12 +20,35 @@
 
 #include <errno.h>
 #include <stdarg.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
 #ifdef HAVE_SPAWN_H
 #include <spawn.h>
 #endif
 
 #include "missing.h"
 
+#ifdef HAVE___INTERPOSE
+/*
+ * Mac OS X 10.4 and above has support for library symbol interposition.
+ * There is a good explanation of this in the Mac OS X Internals book.
+ */
+typedef struct interpose_s {
+    void *new_func;
+    void *orig_func;
+} interpose_t;
+
+# define FN_NAME(fn)   my_ ## fn
+# define INTERPOSE(fn) \
+    __attribute__((used)) static const interpose_t _interpose_ ## fn \
+    __attribute__((section("__DATA,__interpose"))) = \
+       { (void *)my_ ## fn, (void *)fn };
+#else
+# define FN_NAME(fn)   fn
+# define INTERPOSE(fn)
+#endif
+
 /*
  * Dummy versions of the execve() family of syscalls.  We don't need
  * to stub out all of them, just the ones that correspond to actual
@@ -42,59 +65,73 @@
 
 #define DUMMY2(fn, t1, t2)                     \
 __dso_public int                               \
-fn(t1 a1, t2 a2)                               \
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2)                      \
+DUMMY_BODY                                     \
+INTERPOSE(fn)
 
 #define DUMMY3(fn, t1, t2, t3)                 \
 __dso_public int                               \
-fn(t1 a1, t2 a2, t3 a3)                                \
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, t3 a3)               \
+DUMMY_BODY                                     \
+INTERPOSE(fn)
 
 #define DUMMY6(fn, t1, t2, t3, t4, t5, t6)     \
 __dso_public int                               \
-fn(t1 a1, t2 a2, t3 a3, t4 a4, t5 a5, t6 a6)   \
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, t3 a3, t4 a4, t5 a5, t6 a6)  \
+DUMMY_BODY                                     \
+INTERPOSE(fn)
 
 #define DUMMY_VA(fn, t1, t2)                   \
 __dso_public int                               \
-fn(t1 a1, t2 a2, ...)                          \
-DUMMY_BODY
+FN_NAME(fn)(t1 a1, t2 a2, ...)                 \
+DUMMY_BODY                                     \
+INTERPOSE(fn)
 
 DUMMY_VA(execl, const char *, const char *)
-DUMMY_VA(_execl, const char *, const char *)
-DUMMY_VA(__execl, const char *, const char *)
 DUMMY_VA(execle, const char *, const char *)
-DUMMY_VA(_execle, const char *, const char *)
-DUMMY_VA(__execle, const char *, const char *)
 DUMMY_VA(execlp, const char *, const char *)
-DUMMY_VA(_execlp, const char *, const char *)
-DUMMY_VA(__execlp, const char *, const char *)
+DUMMY2(execv, const char *, char * const *)
+DUMMY2(execvp, const char *, char * const *)
+DUMMY3(execvP, const char *, const char *, char * const *)
+DUMMY3(execve, const char *, char * const *, char * const *)
+
+#ifndef __APPLE__
+/*
+ * On Mac OS X we can only define functions that actually
+ * exist on the system due to how interposition is done.
+ */
 DUMMY3(exect, const char *, char * const *, char * const *)
+DUMMY3(execvpe, const char *, char * const *, char * const *)
+DUMMY3(fexecve, int , char * const *, char * const *)
+DUMMY_VA(_execl, const char *, const char *)
+DUMMY_VA(_execle, const char *, const char *)
+DUMMY_VA(_execlp, const char *, const char *)
 DUMMY3(_exect, const char *, char * const *, char * const *)
-DUMMY3(__exect, const char *, char * const *, char * const *)
-DUMMY2(execv, const char *, char * const *)
 DUMMY2(_execv, const char *, char * const *)
-DUMMY2(__execv, const char *, char * const *)
-DUMMY2(execvp, const char *, char * const *)
 DUMMY2(_execvp, const char *, char * const *)
-DUMMY2(__execvp, const char *, char * const *)
-DUMMY3(execvP, const char *, const char *, char * const *)
 DUMMY3(_execvP, const char *, const char *, char * const *)
-DUMMY3(__execvP, const char *, const char *, char * const *)
-DUMMY3(execve, const char *, char * const *, char * const *)
 DUMMY3(_execve, const char *, char * const *, char * const *)
-DUMMY3(__execve, const char *, char * const *, char * const *)
-DUMMY3(execvpe, const char *, char * const *, char * const *)
 DUMMY3(_execvpe, const char *, char * const *, char * const *)
-DUMMY3(__execvpe, const char *, char * const *, char * const *)
-DUMMY3(fexecve, int , char * const *, char * const *)
 DUMMY3(_fexecve, int , char * const *, char * const *)
+DUMMY_VA(__execl, const char *, const char *)
+DUMMY_VA(__execle, const char *, const char *)
+DUMMY_VA(__execlp, const char *, const char *)
+DUMMY3(__exect, const char *, char * const *, char * const *)
+DUMMY2(__execv, const char *, char * const *)
+DUMMY2(__execvp, const char *, char * const *)
+DUMMY3(__execvP, const char *, const char *, char * const *)
+DUMMY3(__execve, const char *, char * const *, char * const *)
+DUMMY3(__execvpe, const char *, char * const *, char * const *)
 DUMMY3(__fexecve, int , char * const *, char * const *)
+#endif /* __APPLE__ */
+
 #ifdef HAVE_SPAWN_H
 DUMMY6(posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
-DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
-DUMMY6(__posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+# ifndef __APPLE__
+DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(_posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+DUMMY6(__posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
 DUMMY6(__posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
+# endif /* __APPLE__ */
 #endif /* HAVE_SPAWN_H */