From: Todd C. Miller Date: Fri, 14 Oct 2016 16:33:55 +0000 (-0600) Subject: Add wordexp() to the list of functions wrapped by sudo_noexec.so. X-Git-Tag: SUDO_1_8_19^2~106 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=afcdc285348abcf2765dc09da6fc378db4db00c2;p=sudo Add wordexp() to the list of functions wrapped by sudo_noexec.so. --- diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat index 5d27f05e7..ebe1f8c4d 100644 --- a/doc/sudo.conf.cat +++ b/doc/sudo.conf.cat @@ -106,13 +106,13 @@ DDEESSCCRRIIPPTTIIOONN _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment variable. - noexec The fully-qualified path to a shared library containing dummy - versions of the eexxeeccll(), eexxeeccllee(), eexxeeccllpp(), eexxeecctt(), eexxeeccvv(), + noexec The fully-qualified path to a shared library containing + wrappers for the eexxeeccll(), eexxeeccllee(), eexxeeccllpp(), eexxeecctt(), eexxeeccvv(), eexxeeccvvee(), eexxeeccvvPP(), eexxeeccvvpp(), eexxeeccvvppee(), ffeexxeeccvvee(), ppooppeenn(), - ppoossiixx__ssppaawwnn(), ppoossiixx__ssppaawwnnpp(), and ssyysstteemm() library functions - that just return an error. This is used to implement the - _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or its - equivalent. The default value is: + ppoossiixx__ssppaawwnn(), ppoossiixx__ssppaawwnnpp(), ssyysstteemm(), and wwoorrddeexxpp() library + functions that prevent the execution of further commands. This + is used to implement the _n_o_e_x_e_c functionality on systems that + support LD_PRELOAD or its equivalent. The default value is: _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o. plugin_dir @@ -418,4 +418,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.18 June 15, 2016 Sudo 1.8.18 +Sudo 1.8.18 October 15, 2016 Sudo 1.8.18 diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in index f67984a17..88cb7cb94 100644 --- a/doc/sudo.conf.man.in +++ b/doc/sudo.conf.man.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDO.CONF" "5" "June 15, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO.CONF" "5" "October 15, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -239,8 +239,8 @@ may be overridden by the environment variable. .TP 10n noexec -The fully-qualified path to a shared library containing dummy -versions of the +The fully-qualified path to a shared library containing wrappers +for the \fBexecl\fR(), \fBexecle\fR(), \fBexeclp\fR(), @@ -254,9 +254,10 @@ versions of the \fBpopen\fR(), \fBposix_spawn\fR(), \fBposix_spawnp\fR(), +\fBsystem\fR(), and -\fBsystem\fR() -library functions that just return an error. +\fBwordexp\fR() +library functions that prevent the execution of further commands. This is used to implement the \fInoexec\fR functionality on systems that support diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index ebb089eed..f10d31cd3 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 15, 2016 +.Dd October 15, 2016 .Dt SUDO.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -216,8 +216,8 @@ may be overridden by the .Ev SUDO_ASKPASS environment variable. .It noexec -The fully-qualified path to a shared library containing dummy -versions of the +The fully-qualified path to a shared library containing wrappers +for the .Fn execl , .Fn execle , .Fn execlp , @@ -231,9 +231,10 @@ versions of the .Fn popen , .Fn posix_spawn , .Fn posix_spawnp , +.Fn system , and -.Fn system -library functions that just return an error. +.Fn wordexp +library functions that prevent the execution of further commands. This is used to implement the .Em noexec functionality on systems that support