From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 21 Aug 2004 18:20:11 +0000 (+0000)
Subject: document --with-noexec
X-Git-Tag: SUDO_1_6_8p1~56
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=65d6b278b4fc0b7c62fbedfec9475ece17307a25;p=sudo

document --with-noexec
---

diff --git a/INSTALL b/INSTALL
index d967cb1df..1744178c0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -225,6 +225,17 @@ Special features/options:
         only the newer BSD authentication API is supported.  If you
         don't have /usr/include/bsd_auth.h then you cannot use this.
 
+  --with-noexec[=PATH]
+        Enable support for the "noexec" functionality which prevents
+        a dynamically-linked program being run by sudo from executing
+        another program (think shell escapes).  Please see the
+        "PREVENTING SHELL ESCAPES" section in the sudoers man page
+        for details.  If specified, PATH should be a fully qualified
+        pathname, e.g. /usr/local/libexec/sudo_noexec.so.  If PATH
+        is "no", noexec support will not be compiled in.  The default
+        is to compile noexec support if libtool supports building
+        shared objects on your OS.
+
   --disable-root-mailer
         By default sudo will run the mailer as root when tattling
         on a user so as to prevent that user from killing the mailer.